From nobody Sun May 19 02:12:58 2024 Delivered-To: importer2@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer2=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 167389127076967.64800522828045; Mon, 16 Jan 2023 09:47:50 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pHTZ3-0001HA-NI; Mon, 16 Jan 2023 12:46:33 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pHTZ1-0001GA-2f; Mon, 16 Jan 2023 12:46:32 -0500 Received: from mail.ozlabs.org ([2404:9400:2221:ea00::3] helo=gandalf.ozlabs.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pHTYz-0006qL-3B; Mon, 16 Jan 2023 12:46:30 -0500 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by gandalf.ozlabs.org (Postfix) with ESMTP id 4Nwfb056WXz4xyB; Tue, 17 Jan 2023 04:46:20 +1100 (AEDT) Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 4NwfZx14trz4x1N; Tue, 17 Jan 2023 04:46:16 +1100 (AEDT) From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= To: qemu-s390x@nongnu.org Cc: qemu-devel@nongnu.org, Thomas Huth , Halil Pasic , Christian Borntraeger , Claudio Imbrenda , frankja@linux.ibm.com, David Hildenbrand , Ilya Leoshkevich , Eric Farman , Sebastian Mitterle , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Subject: [PATCH v3 1/3] s390x/pv: Implement a CGS check helper Date: Mon, 16 Jan 2023 18:46:05 +0100 Message-Id: <20230116174607.2459498-2-clg@kaod.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230116174607.2459498-1-clg@kaod.org> References: <20230116174607.2459498-1-clg@kaod.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer2=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2404:9400:2221:ea00::3; envelope-from=SRS0=IbPF=5N=kaod.org=clg@ozlabs.org; helo=gandalf.ozlabs.org X-Spam_score_int: -39 X-Spam_score: -4.0 X-Spam_bar: ---- X-Spam_report: (-4.0 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer2=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer2=patchew.org@nongnu.org X-ZM-MESSAGEID: 1673891271639100001 From: C=C3=A9dric Le Goater When a protected VM is started with the maximum number of CPUs (248), the service call providing information on the CPUs requires more buffer space than allocated and QEMU disgracefully aborts : LOADPARM=3D[........] Using virtio-blk. Using SCSI scheme. .......................................................................= ............ qemu-system-s390x: KVM_S390_MEM_OP failed: Argument list too long When protected virtualization is initialized, compute the maximum number of vCPUs supported by the machine and return useful information to the user before the machine starts in case of error. Suggested-by: Thomas Huth Reviewed-by: Thomas Huth Signed-off-by: C=C3=A9dric Le Goater --- hw/s390x/pv.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c index 8dfe92d8df..8a1c71436b 100644 --- a/hw/s390x/pv.c +++ b/hw/s390x/pv.c @@ -20,6 +20,7 @@ #include "exec/confidential-guest-support.h" #include "hw/s390x/ipl.h" #include "hw/s390x/pv.h" +#include "hw/s390x/sclp.h" #include "target/s390x/kvm/kvm_s390x.h" =20 static bool info_valid; @@ -249,6 +250,41 @@ struct S390PVGuestClass { ConfidentialGuestSupportClass parent_class; }; =20 +/* + * If protected virtualization is enabled, the amount of data that the + * Read SCP Info Service Call can use is limited to one page. The + * available space also depends on the Extended-Length SCCB (ELS) + * feature which can take more buffer space to store feature + * information. This impacts the maximum number of CPUs supported in + * the machine. + */ +static uint32_t s390_pv_get_max_cpus(void) +{ + int offset_cpu =3D s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ? + offsetof(ReadInfo, entries) : SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET; + + return (TARGET_PAGE_SIZE - offset_cpu) / sizeof(CPUEntry); +} + +static bool s390_pv_check_cpus(Error **errp) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + uint32_t pv_max_cpus =3D s390_pv_get_max_cpus(); + + if (ms->smp.max_cpus > pv_max_cpus) { + error_setg(errp, "Protected VMs support a maximum of %d CPUs", + pv_max_cpus); + return false; + } + + return true; +} + +static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **err= p) +{ + return s390_pv_check_cpus(errp); +} + int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) { @@ -261,6 +297,10 @@ int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Er= ror **errp) return -1; } =20 + if (!s390_pv_guest_check(cgs, errp)) { + return -1; + } + cgs->ready =3D true; =20 return 0; --=20 2.39.0 From nobody Sun May 19 02:12:58 2024 Delivered-To: importer2@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer2=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 16738912306051000.2416543427041; Mon, 16 Jan 2023 09:47:10 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pHTZA-0001I8-KK; Mon, 16 Jan 2023 12:46:40 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pHTZ1-0001GB-GM; Mon, 16 Jan 2023 12:46:32 -0500 Received: from mail.ozlabs.org ([2404:9400:2221:ea00::3] helo=gandalf.ozlabs.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pHTYz-0006qu-4i; Mon, 16 Jan 2023 12:46:31 -0500 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by gandalf.ozlabs.org (Postfix) with ESMTP id 4Nwfb45Z3Qz4xyn; Tue, 17 Jan 2023 04:46:24 +1100 (AEDT) Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 4Nwfb11brjz4x1N; Tue, 17 Jan 2023 04:46:20 +1100 (AEDT) From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= To: qemu-s390x@nongnu.org Cc: qemu-devel@nongnu.org, Thomas Huth , Halil Pasic , Christian Borntraeger , Claudio Imbrenda , frankja@linux.ibm.com, David Hildenbrand , Ilya Leoshkevich , Eric Farman , Sebastian Mitterle , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Subject: [PATCH v3 2/3] s390x/pv: Introduce a s390_pv_check() helper for runtime Date: Mon, 16 Jan 2023 18:46:06 +0100 Message-Id: <20230116174607.2459498-3-clg@kaod.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230116174607.2459498-1-clg@kaod.org> References: <20230116174607.2459498-1-clg@kaod.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer2=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2404:9400:2221:ea00::3; envelope-from=SRS0=IbPF=5N=kaod.org=clg@ozlabs.org; helo=gandalf.ozlabs.org X-Spam_score_int: -39 X-Spam_score: -4.0 X-Spam_bar: ---- X-Spam_report: (-4.0 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer2=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer2=patchew.org@nongnu.org X-ZM-MESSAGEID: 1673891231477100001 From: C=C3=A9dric Le Goater If a secure kernel is started in a non-protected VM, the OS will hang during boot without giving a proper error message to the user. Perform the checks on Confidential Guest support at runtime with an helper called from the service call switching the guest to protected mode. Signed-off-by: C=C3=A9dric Le Goater --- In s390_pv_check(), drop the call to s390_pv_guest_check() since init time has already checked the same conditions. However, to report an error when the machine is not protected and the kernel secure, we still need s390_pv_check(). include/hw/s390x/pv.h | 2 ++ hw/s390x/pv.c | 13 +++++++++++++ target/s390x/diag.c | 7 +++++++ 3 files changed, 22 insertions(+) diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h index 9360aa1091..ca7dac2e20 100644 --- a/include/hw/s390x/pv.h +++ b/include/hw/s390x/pv.h @@ -55,6 +55,7 @@ int kvm_s390_dump_init(void); int kvm_s390_dump_cpu(S390CPU *cpu, void *buff); int kvm_s390_dump_mem_state(uint64_t addr, size_t len, void *dest); int kvm_s390_dump_completion_data(void *buff); +bool s390_pv_check(Error **errp); #else /* CONFIG_KVM */ static inline bool s390_is_pv(void) { return false; } static inline int s390_pv_query_info(void) { return 0; } @@ -75,6 +76,7 @@ static inline int kvm_s390_dump_cpu(S390CPU *cpu, void *b= uff) { return 0; } static inline int kvm_s390_dump_mem_state(uint64_t addr, size_t len, void *dest) { return 0; } static inline int kvm_s390_dump_completion_data(void *buff) { return 0; } +static inline bool s390_pv_check(Error **errp) { return false; } #endif /* CONFIG_KVM */ =20 int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp); diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c index 8a1c71436b..8405e73a1b 100644 --- a/hw/s390x/pv.c +++ b/hw/s390x/pv.c @@ -306,6 +306,19 @@ int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Er= ror **errp) return 0; } =20 +bool s390_pv_check(Error **errp) +{ + MachineState *ms =3D MACHINE(qdev_get_machine()); + + if (!ms->cgs) { + error_setg(errp, "Protected VM is started without Confidential" + " Guest support"); + return false; + } + + return true; +} + OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest, s390_pv_guest, S390_PV_GUEST, diff --git a/target/s390x/diag.c b/target/s390x/diag.c index 76b01dcd68..9b16e25930 100644 --- a/target/s390x/diag.c +++ b/target/s390x/diag.c @@ -79,6 +79,7 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uin= t64_t r3, uintptr_t ra) uint64_t addr =3D env->regs[r1]; uint64_t subcode =3D env->regs[r3]; IplParameterBlock *iplb; + Error *local_err =3D NULL; =20 if (env->psw.mask & PSW_MASK_PSTATE) { s390_program_interrupt(env, PGM_PRIVILEGED, ra); @@ -176,6 +177,12 @@ out: return; } =20 + if (!s390_pv_check(&local_err)) { + error_report_err(local_err); + env->regs[r1 + 1] =3D DIAG_308_RC_INVAL_FOR_PV; + return; + } + s390_ipl_reset_request(cs, S390_RESET_PV); break; default: --=20 2.39.0 From nobody Sun May 19 02:12:58 2024 Delivered-To: importer2@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer2=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1673891266241668.5470468558087; Mon, 16 Jan 2023 09:47:46 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pHTZ4-0001Hj-Oz; Mon, 16 Jan 2023 12:46:34 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pHTZ2-0001Gq-Oz; Mon, 16 Jan 2023 12:46:33 -0500 Received: from gandalf.ozlabs.org ([150.107.74.76]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pHTZ1-0006rj-5R; Mon, 16 Jan 2023 12:46:32 -0500 Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by gandalf.ozlabs.org (Postfix) with ESMTP id 4Nwfb865D1z4xys; Tue, 17 Jan 2023 04:46:28 +1100 (AEDT) Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 4Nwfb524Hdz4x1N; Tue, 17 Jan 2023 04:46:25 +1100 (AEDT) From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= To: qemu-s390x@nongnu.org Cc: qemu-devel@nongnu.org, Thomas Huth , Halil Pasic , Christian Borntraeger , Claudio Imbrenda , frankja@linux.ibm.com, David Hildenbrand , Ilya Leoshkevich , Eric Farman , Sebastian Mitterle , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Subject: [PATCH v3 3/3] s390x/pv: Move check on hugepage under s390_pv_guest_check() Date: Mon, 16 Jan 2023 18:46:07 +0100 Message-Id: <20230116174607.2459498-4-clg@kaod.org> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230116174607.2459498-1-clg@kaod.org> References: <20230116174607.2459498-1-clg@kaod.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer2=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=150.107.74.76; envelope-from=SRS0=IbPF=5N=kaod.org=clg@ozlabs.org; helo=gandalf.ozlabs.org X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer2=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer2=patchew.org@nongnu.org X-ZM-MESSAGEID: 1673891267704100003 From: C=C3=A9dric Le Goater Such conditions on Protected Virtualization can now be checked at init time. This is possible because Protected Virtualization is initialized after memory where the page size is set. Reviewed-by: Thomas Huth Signed-off-by: C=C3=A9dric Le Goater --- hw/s390x/pv.c | 13 ++++++++++++- target/s390x/diag.c | 7 ------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c index 8405e73a1b..679d860f54 100644 --- a/hw/s390x/pv.c +++ b/hw/s390x/pv.c @@ -280,9 +280,20 @@ static bool s390_pv_check_cpus(Error **errp) return true; } =20 +static bool s390_pv_check_hpage(Error **errp) +{ + if (kvm_s390_get_hpage_1m()) { + error_setg(errp, "Protected VMs can currently not be backed with " + "huge pages"); + return false; + } + + return true; +} + static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **err= p) { - return s390_pv_check_cpus(errp); + return s390_pv_check_cpus(errp) && s390_pv_check_hpage(errp); } =20 int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) diff --git a/target/s390x/diag.c b/target/s390x/diag.c index 9b16e25930..28f4350aed 100644 --- a/target/s390x/diag.c +++ b/target/s390x/diag.c @@ -170,13 +170,6 @@ out: return; } =20 - if (kvm_enabled() && kvm_s390_get_hpage_1m()) { - error_report("Protected VMs can currently not be backed with " - "huge pages"); - env->regs[r1 + 1] =3D DIAG_308_RC_INVAL_FOR_PV; - return; - } - if (!s390_pv_check(&local_err)) { error_report_err(local_err); env->regs[r1 + 1] =3D DIAG_308_RC_INVAL_FOR_PV; --=20 2.39.0