qemu

pef.c (3355B)

---

 /*
  * PEF (Protected Execution Facility) for POWER support
  *
  * Copyright Red Hat.
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
  *
  */
 
 #include "qemu/osdep.h"
 
 #include "qapi/error.h"
 #include "qom/object_interfaces.h"
 #include "sysemu/kvm.h"
 #include "migration/blocker.h"
 #include "exec/confidential-guest-support.h"
 #include "hw/ppc/pef.h"
 
 #define TYPE_PEF_GUEST "pef-guest"
 OBJECT_DECLARE_SIMPLE_TYPE(PefGuest, PEF_GUEST)
 
 typedef struct PefGuest PefGuest;
 typedef struct PefGuestClass PefGuestClass;
 
 struct PefGuestClass {
     ConfidentialGuestSupportClass parent_class;
 };
 
 /**
  * PefGuest:
  *
  * The PefGuest object is used for creating and managing a PEF
  * guest.
  *
  * # $QEMU \
  *         -object pef-guest,id=pef0 \
  *         -machine ...,confidential-guest-support=pef0
  */
 struct PefGuest {
     ConfidentialGuestSupport parent_obj;
 };
 
 static int kvmppc_svm_init(ConfidentialGuestSupport *cgs, Error **errp)
 {
 #ifdef CONFIG_KVM
     static Error *pef_mig_blocker;
 
     if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
         error_setg(errp,
                    "KVM implementation does not support Secure VMs (is an ultravisor running?)");
         return -1;
     } else {
         int ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
 
         if (ret < 0) {
             error_setg(errp,
                        "Error enabling PEF with KVM");
             return -1;
         }
     }
 
     /* add migration blocker */
     error_setg(&pef_mig_blocker, "PEF: Migration is not implemented");
     /* NB: This can fail if --only-migratable is used */
     migrate_add_blocker(pef_mig_blocker, &error_fatal);
 
     cgs->ready = true;
 
     return 0;
 #else
     g_assert_not_reached();
 #endif
 }
 
 /*
  * Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
  * that don't support this ioctl.
  */
 static int kvmppc_svm_off(Error **errp)
 {
 #ifdef CONFIG_KVM
     int rc;
 
     rc = kvm_vm_ioctl(KVM_STATE(current_accel()), KVM_PPC_SVM_OFF);
     if (rc && rc != -ENOTTY) {
         error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
         return rc;
     }
     return 0;
 #else
     g_assert_not_reached();
 #endif
 }
 
 int pef_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
 {
     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
         return 0;
     }
 
     if (!kvm_enabled()) {
         error_setg(errp, "PEF requires KVM");
         return -1;
     }
 
     return kvmppc_svm_init(cgs, errp);
 }
 
 int pef_kvm_reset(ConfidentialGuestSupport *cgs, Error **errp)
 {
     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
         return 0;
     }
 
     /*
      * If we don't have KVM we should never have been able to
      * initialize PEF, so we should never get this far
      */
     assert(kvm_enabled());
 
     return kvmppc_svm_off(errp);
 }
 
 OBJECT_DEFINE_TYPE_WITH_INTERFACES(PefGuest,
                                    pef_guest,
                                    PEF_GUEST,
                                    CONFIDENTIAL_GUEST_SUPPORT,
                                    { TYPE_USER_CREATABLE },
                                    { NULL })
 
 static void pef_guest_class_init(ObjectClass *oc, void *data)
 {
 }
 
 static void pef_guest_init(Object *obj)
 {
 }
 
 static void pef_guest_finalize(Object *obj)
 {
 }