diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2020-04-30 14:00:36 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2020-04-30 14:00:36 +0100 |
| commit | 16aaacb307ed607b9780c12702c44f0fe52edc7e (patch) | |
| tree | 46cb25b7cfb44f59cb0f49c03b93ad1089199f68 /hw | |
| parent | 68bfd7db1e8b718187fd0ba4dde32396efcde668 (diff) | |
| parent | fbc1384ccd48fa7c0c38f950adf7992a4fb6042e (diff) | |
| download | qemu-16aaacb307ed607b9780c12702c44f0fe52edc7e.zip qemu-16aaacb307ed607b9780c12702c44f0fe52edc7e.tar.gz qemu-16aaacb307ed607b9780c12702c44f0fe52edc7e.tar.bz2 | |
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200430' into staging
- update Linux headers to 5.7-rc3 (and virtio-net fixup)
- support for protected virtualization aka secure execution
# gpg: Signature made Thu 30 Apr 2020 10:41:31 BST
# gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg: issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal]
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cohuck@kernel.org>" [marginal]
# gpg: aka "Cornelia Huck <cohuck@redhat.com>" [marginal]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck/tags/s390x-20200430:
s390x/s390-virtio-ccw: Fix build on systems without KVM
s390x/pv: Retry ioctls on -EINTR
s390x: protvirt: Fix stray error_report_err in s390_machine_protect
s390x: Add unpack facility feature to GA1
docs: system: Add protvirt docs
s390x: protvirt: Handle SIGP store status correctly
s390x: protvirt: Move IO control structures over SIDA
s390x: protvirt: Disable address checks for PV guest IO emulation
s390x: protvirt: Move diag 308 data over SIDA
s390x: protvirt: Set guest IPL PSW
s390x: protvirt: SCLP interpretation
s390x: protvirt: Move STSI data over SIDAD
s390x: Add SIDA memory ops
s390x: protvirt: KVM intercept changes
s390x: protvirt: Inhibit balloon when switching to protected mode
s390x: protvirt: Add migration blocker
s390x: protvirt: Support unpack facility
s390x: Move diagnose 308 subcodes and rcs into ipl.h
linux-headers: update against Linux 5.7-rc3
virtio-net: fix rsc_ext compat handling
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/net/virtio-net.c | 4 | ||||
| -rw-r--r-- | hw/s390x/Makefile.objs | 1 | ||||
| -rw-r--r-- | hw/s390x/ipl.c | 59 | ||||
| -rw-r--r-- | hw/s390x/ipl.h | 103 | ||||
| -rw-r--r-- | hw/s390x/pv.c | 113 | ||||
| -rw-r--r-- | hw/s390x/s390-virtio-ccw.c | 137 | ||||
| -rw-r--r-- | hw/s390x/sclp.c | 56 |
7 files changed, 452 insertions, 21 deletions
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 65bb688..3301869 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -83,6 +83,8 @@ #define VIRTIO_NET_HDR_F_RSC_INFO 4 /* rsc_ext data in csum_ fields */ #define VIRTIO_NET_F_RSC_EXT 61 +#endif + static inline __virtio16 *virtio_net_rsc_ext_num_packets( struct virtio_net_hdr *hdr) { @@ -95,8 +97,6 @@ static inline __virtio16 *virtio_net_rsc_ext_num_dupacks( return &hdr->csum_offset; } -#endif - static VirtIOFeature feature_sizes[] = { {.flags = 1ULL << VIRTIO_NET_F_MAC, .end = endof(struct virtio_net_config, mac)}, diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs index e02ed80..a46a1c7 100644 --- a/hw/s390x/Makefile.objs +++ b/hw/s390x/Makefile.objs @@ -31,6 +31,7 @@ obj-y += tod-qemu.o obj-$(CONFIG_KVM) += tod-kvm.o obj-$(CONFIG_KVM) += s390-skeys-kvm.o obj-$(CONFIG_KVM) += s390-stattrib-kvm.o +obj-$(CONFIG_KVM) += pv.o obj-y += s390-ccw.o obj-y += ap-device.o obj-y += ap-bridge.o diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index 8c3e019..ce21494 100644 --- a/hw/s390x/ipl.c +++ b/hw/s390x/ipl.c @@ -1,10 +1,11 @@ /* * bootloader support * - * Copyright IBM, Corp. 2012 + * Copyright IBM, Corp. 2012, 2020 * * Authors: * Christian Borntraeger <borntraeger@de.ibm.com> + * Janosch Frank <frankja@linux.ibm.com> * * This work is licensed under the terms of the GNU GPL, version 2 or (at your * option) any later version. See the COPYING file in the top-level directory. @@ -27,6 +28,7 @@ #include "hw/s390x/vfio-ccw.h" #include "hw/s390x/css.h" #include "hw/s390x/ebcdic.h" +#include "hw/s390x/pv.h" #include "ipl.h" #include "qemu/error-report.h" #include "qemu/config-file.h" @@ -566,12 +568,31 @@ void s390_ipl_update_diag308(IplParameterBlock *iplb) { S390IPLState *ipl = get_ipl_device(); - ipl->iplb = *iplb; - ipl->iplb_valid = true; + /* + * The IPLB set and retrieved by subcodes 8/9 is completely + * separate from the one managed via subcodes 5/6. + */ + if (iplb->pbt == S390_IPL_TYPE_PV) { + ipl->iplb_pv = *iplb; + ipl->iplb_valid_pv = true; + } else { + ipl->iplb = *iplb; + ipl->iplb_valid = true; + } ipl->netboot = is_virtio_net_device(iplb); update_machine_ipl_properties(iplb); } +IplParameterBlock *s390_ipl_get_iplb_pv(void) +{ + S390IPLState *ipl = get_ipl_device(); + + if (!ipl->iplb_valid_pv) { + return NULL; + } + return &ipl->iplb_pv; +} + IplParameterBlock *s390_ipl_get_iplb(void) { S390IPLState *ipl = get_ipl_device(); @@ -660,6 +681,38 @@ static void s390_ipl_prepare_qipl(S390CPU *cpu) cpu_physical_memory_unmap(addr, len, 1, len); } +int s390_ipl_prepare_pv_header(void) +{ + IplParameterBlock *ipib = s390_ipl_get_iplb_pv(); + IPLBlockPV *ipib_pv = &ipib->pv; + void *hdr = g_malloc(ipib_pv->pv_header_len); + int rc; + + cpu_physical_memory_read(ipib_pv->pv_header_addr, hdr, + ipib_pv->pv_header_len); + rc = s390_pv_set_sec_parms((uintptr_t)hdr, + ipib_pv->pv_header_len); + g_free(hdr); + return rc; +} + +int s390_ipl_pv_unpack(void) +{ + IplParameterBlock *ipib = s390_ipl_get_iplb_pv(); + IPLBlockPV *ipib_pv = &ipib->pv; + int i, rc = 0; + + for (i = 0; i < ipib_pv->num_comp; i++) { + rc = s390_pv_unpack(ipib_pv->components[i].addr, + TARGET_PAGE_ALIGN(ipib_pv->components[i].size), + ipib_pv->components[i].tweak_pref); + if (rc) { + break; + } + } + return rc; +} + void s390_ipl_prepare_cpu(S390CPU *cpu) { S390IPLState *ipl = get_ipl_device(); diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h index 3e44abe..53cc9eb 100644 --- a/hw/s390x/ipl.h +++ b/hw/s390x/ipl.h @@ -1,8 +1,9 @@ /* * s390 IPL device * - * Copyright 2015 IBM Corp. + * Copyright 2015, 2020 IBM Corp. * Author(s): Zhang Fan <bjfanzh@cn.ibm.com> + * Janosch Frank <frankja@linux.ibm.com> * * This work is licensed under the terms of the GNU GPL, version 2 or (at * your option) any later version. See the COPYING file in the top-level @@ -13,8 +14,27 @@ #define HW_S390_IPL_H #include "cpu.h" +#include "exec/address-spaces.h" #include "hw/qdev-core.h" +struct IPLBlockPVComp { + uint64_t tweak_pref; + uint64_t addr; + uint64_t size; +} QEMU_PACKED; +typedef struct IPLBlockPVComp IPLBlockPVComp; + +struct IPLBlockPV { + uint8_t reserved18[87]; /* 0x18 */ + uint8_t version; /* 0x6f */ + uint32_t reserved70; /* 0x70 */ + uint32_t num_comp; /* 0x74 */ + uint64_t pv_header_addr; /* 0x78 */ + uint64_t pv_header_len; /* 0x80 */ + struct IPLBlockPVComp components[]; +} QEMU_PACKED; +typedef struct IPLBlockPV IPLBlockPV; + struct IplBlockCcw { uint8_t reserved0[85]; uint8_t ssid; @@ -71,6 +91,7 @@ union IplParameterBlock { union { IplBlockCcw ccw; IplBlockFcp fcp; + IPLBlockPV pv; IplBlockQemuScsi scsi; }; } QEMU_PACKED; @@ -85,8 +106,11 @@ typedef union IplParameterBlock IplParameterBlock; int s390_ipl_set_loadparm(uint8_t *loadparm); void s390_ipl_update_diag308(IplParameterBlock *iplb); +int s390_ipl_prepare_pv_header(void); +int s390_ipl_pv_unpack(void); void s390_ipl_prepare_cpu(S390CPU *cpu); IplParameterBlock *s390_ipl_get_iplb(void); +IplParameterBlock *s390_ipl_get_iplb_pv(void); enum s390_reset { /* default is a reset not triggered by a CPU e.g. issued by QMP */ @@ -94,6 +118,7 @@ enum s390_reset { S390_RESET_REIPL, S390_RESET_MODIFIED_CLEAR, S390_RESET_LOAD_NORMAL, + S390_RESET_PV, }; void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type); void s390_ipl_get_reset_request(CPUState **cs, enum s390_reset *reset_type); @@ -133,6 +158,7 @@ struct S390IPLState { /*< private >*/ DeviceState parent_obj; IplParameterBlock iplb; + IplParameterBlock iplb_pv; QemuIplParameters qipl; uint64_t start_addr; uint64_t compat_start_addr; @@ -140,6 +166,7 @@ struct S390IPLState { uint64_t compat_bios_start_addr; bool enforce_bios; bool iplb_valid; + bool iplb_valid_pv; bool netboot; /* reset related properties don't have to be migrated or reset */ enum s390_reset reset_type; @@ -159,11 +186,29 @@ struct S390IPLState { typedef struct S390IPLState S390IPLState; QEMU_BUILD_BUG_MSG(offsetof(S390IPLState, iplb) & 3, "alignment of iplb wrong"); +#define DIAG_308_RC_OK 0x0001 +#define DIAG_308_RC_NO_CONF 0x0102 +#define DIAG_308_RC_INVALID 0x0402 +#define DIAG_308_RC_NO_PV_CONF 0x0902 +#define DIAG_308_RC_INVAL_FOR_PV 0x0a02 + +#define DIAG308_RESET_MOD_CLR 0 +#define DIAG308_RESET_LOAD_NORM 1 +#define DIAG308_LOAD_CLEAR 3 +#define DIAG308_LOAD_NORMAL_DUMP 4 +#define DIAG308_SET 5 +#define DIAG308_STORE 6 +#define DIAG308_PV_SET 8 +#define DIAG308_PV_STORE 9 +#define DIAG308_PV_START 10 + #define S390_IPL_TYPE_FCP 0x00 #define S390_IPL_TYPE_CCW 0x02 +#define S390_IPL_TYPE_PV 0x05 #define S390_IPL_TYPE_QEMU_SCSI 0xff #define S390_IPLB_HEADER_LEN 8 +#define S390_IPLB_MIN_PV_LEN 148 #define S390_IPLB_MIN_CCW_LEN 200 #define S390_IPLB_MIN_FCP_LEN 384 #define S390_IPLB_MIN_QEMU_SCSI_LEN 200 @@ -173,6 +218,62 @@ static inline bool iplb_valid_len(IplParameterBlock *iplb) return be32_to_cpu(iplb->len) <= sizeof(IplParameterBlock); } +static inline bool ipl_valid_pv_components(IplParameterBlock *iplb) +{ + IPLBlockPV *ipib_pv = &iplb->pv; + int i; + + if (ipib_pv->num_comp == 0) { + return false; + } + + for (i = 0; i < ipib_pv->num_comp; i++) { + /* Addr must be 4k aligned */ + if (ipib_pv->components[i].addr & ~TARGET_PAGE_MASK) { + return false; + } + + /* Tweak prefix is monotonically increasing with each component */ + if (i < ipib_pv->num_comp - 1 && + ipib_pv->components[i].tweak_pref >= + ipib_pv->components[i + 1].tweak_pref) { + return false; + } + } + return true; +} + +static inline bool ipl_valid_pv_header(IplParameterBlock *iplb) +{ + IPLBlockPV *ipib_pv = &iplb->pv; + + if (ipib_pv->pv_header_len > 2 * TARGET_PAGE_SIZE) { + return false; + } + + if (!address_space_access_valid(&address_space_memory, + ipib_pv->pv_header_addr, + ipib_pv->pv_header_len, + false, + MEMTXATTRS_UNSPECIFIED)) { + return false; + } + + return true; +} + +static inline bool iplb_valid_pv(IplParameterBlock *iplb) +{ + if (iplb->pbt != S390_IPL_TYPE_PV || + be32_to_cpu(iplb->len) < S390_IPLB_MIN_PV_LEN) { + return false; + } + if (!ipl_valid_pv_header(iplb)) { + return false; + } + return ipl_valid_pv_components(iplb); +} + static inline bool iplb_valid(IplParameterBlock *iplb) { switch (iplb->pbt) { diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c new file mode 100644 index 0000000..f11868e --- /dev/null +++ b/hw/s390x/pv.c @@ -0,0 +1,113 @@ +/* + * Protected Virtualization functions + * + * Copyright IBM Corp. 2020 + * Author(s): + * Janosch Frank <frankja@linux.ibm.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or (at + * your option) any later version. See the COPYING file in the top-level + * directory. + */ +#include "qemu/osdep.h" + +#include <linux/kvm.h> + +#include "cpu.h" +#include "qemu/error-report.h" +#include "sysemu/kvm.h" +#include "hw/s390x/ipl.h" +#include "hw/s390x/pv.h" + +static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data) +{ + struct kvm_pv_cmd pv_cmd = { + .cmd = cmd, + .data = (uint64_t)data, + }; + int rc; + + do { + rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd); + } while (rc == -EINTR); + + if (rc) { + error_report("KVM PV command %d (%s) failed: header rc %x rrc %x " + "IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc, + rc); + } + return rc; +} + +/* + * This macro lets us pass the command as a string to the function so + * we can print it on an error. + */ +#define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data); +#define s390_pv_cmd_exit(cmd, data) \ +{ \ + int rc; \ + \ + rc = __s390_pv_cmd(cmd, #cmd, data);\ + if (rc) { \ + exit(1); \ + } \ +} + +int s390_pv_vm_enable(void) +{ + return s390_pv_cmd(KVM_PV_ENABLE, NULL); +} + +void s390_pv_vm_disable(void) +{ + s390_pv_cmd_exit(KVM_PV_DISABLE, NULL); +} + +int s390_pv_set_sec_parms(uint64_t origin, uint64_t length) +{ + struct kvm_s390_pv_sec_parm args = { + .origin = origin, + .length = length, + }; + + return s390_pv_cmd(KVM_PV_SET_SEC_PARMS, &args); +} + +/* + * Called for each component in the SE type IPL parameter block 0. + */ +int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak) +{ + struct kvm_s390_pv_unp args = { + .addr = addr, + .size = size, + .tweak = tweak, + }; + + return s390_pv_cmd(KVM_PV_UNPACK, &args); +} + +void s390_pv_perf_clear_reset(void) +{ + s390_pv_cmd_exit(KVM_PV_PREP_RESET, NULL); +} + +int s390_pv_verify(void) +{ + return s390_pv_cmd(KVM_PV_VERIFY, NULL); +} + +void s390_pv_unshare(void) +{ + s390_pv_cmd_exit(KVM_PV_UNSHARE_ALL, NULL); +} + +void s390_pv_inject_reset_error(CPUState *cs) +{ + int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4; + CPUS390XState *env = &S390_CPU(cs)->env; + + /* Report that we are unable to enter protected mode */ + env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV; +} diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c index 0fa00a9..45292fb 100644 --- a/hw/s390x/s390-virtio-ccw.c +++ b/hw/s390x/s390-virtio-ccw.c @@ -1,9 +1,10 @@ /* * virtio ccw machine * - * Copyright 2012 IBM Corp. + * Copyright 2012, 2020 IBM Corp. * Copyright (c) 2009 Alexander Graf <agraf@suse.de> * Author(s): Cornelia Huck <cornelia.huck@de.ibm.com> + * Janosch Frank <frankja@linux.ibm.com> * * This work is licensed under the terms of the GNU GPL, version 2 or (at * your option) any later version. See the COPYING file in the top-level @@ -42,6 +43,11 @@ #include "hw/qdev-properties.h" #include "hw/s390x/tod.h" #include "sysemu/sysemu.h" +#include "sysemu/balloon.h" +#include "hw/s390x/pv.h" +#include "migration/blocker.h" + +static Error *pv_mig_blocker; S390CPU *s390_cpu_addr2state(uint16_t cpu_addr) { @@ -317,10 +323,93 @@ static inline void s390_do_cpu_ipl(CPUState *cs, run_on_cpu_data arg) s390_cpu_set_state(S390_CPU_STATE_OPERATING, cpu); } +static void s390_machine_unprotect(S390CcwMachineState *ms) +{ + s390_pv_vm_disable(); + ms->pv = false; + migrate_del_blocker(pv_mig_blocker); + error_free_or_abort(&pv_mig_blocker); + qemu_balloon_inhibit(false); +} + +static int s390_machine_protect(S390CcwMachineState *ms) +{ + Error *local_err = NULL; + int rc; + + /* + * Ballooning on protected VMs needs support in the guest for + * sharing and unsharing balloon pages. Block ballooning for + * now, until we have a solution to make at least Linux guests + * either support it or fail gracefully. + */ + qemu_balloon_inhibit(true); + error_setg(&pv_mig_blocker, + "protected VMs are currently not migrateable."); + rc = migrate_add_blocker(pv_mig_blocker, &local_err); + if (rc) { + qemu_balloon_inhibit(false); + error_report_err(local_err); + error_free_or_abort(&pv_mig_blocker); + return rc; + } + + /* Create SE VM */ + rc = s390_pv_vm_enable(); + if (rc) { + qemu_balloon_inhibit(false); + migrate_del_blocker(pv_mig_blocker); + error_free_or_abort(&pv_mig_blocker); + return rc; + } + + ms->pv = true; + + /* Set SE header and unpack */ + rc = s390_ipl_prepare_pv_header(); + if (rc) { + goto out_err; + } + + /* Decrypt image */ + rc = s390_ipl_pv_unpack(); + if (rc) { + goto out_err; + } + + /* Verify integrity */ + rc = s390_pv_verify(); + if (rc) { + goto out_err; + } + return rc; + +out_err: + s390_machine_unprotect(ms); + return rc; +} + +static void s390_pv_prepare_reset(S390CcwMachineState *ms) +{ + CPUState *cs; + + if (!s390_is_pv()) { + return; + } + /* Unsharing requires all cpus to be stopped */ + CPU_FOREACH(cs) { + s390_cpu_set_state(S390_CPU_STATE_STOPPED, S390_CPU(cs)); + } + s390_pv_unshare(); + s390_pv_perf_clear_reset(); +} + static void s390_machine_reset(MachineState *machine) { + S390CcwMachineState *ms = S390_CCW_MACHINE(machine); enum s390_reset reset_type; CPUState *cs, *t; + S390CPU *cpu; /* get the reset parameters, reset them once done */ s390_ipl_get_reset_request(&cs, &reset_type); @@ -328,9 +417,15 @@ static void s390_machine_reset(MachineState *machine) /* all CPUs are paused and synchronized at this point */ s390_cmma_reset(); + cpu = S390_CPU(cs); + switch (reset_type) { case S390_RESET_EXTERNAL: case S390_RESET_REIPL: + if (s390_is_pv()) { + s390_machine_unprotect(ms); + } + qemu_devices_reset(); s390_crypto_reset(); @@ -338,24 +433,58 @@ static void s390_machine_reset(MachineState *machine) run_on_cpu(cs, s390_do_cpu_ipl, RUN_ON_CPU_NULL); break; case S390_RESET_MODIFIED_CLEAR: + /* + * Susbsystem reset needs to be done before we unshare memory + * and lose access to VIRTIO structures in guest memory. + */ + subsystem_reset(); + s390_crypto_reset(); + s390_pv_prepare_reset(ms); CPU_FOREACH(t) { run_on_cpu(t, s390_do_cpu_full_reset, RUN_ON_CPU_NULL); } - subsystem_reset(); - s390_crypto_reset(); run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL); break; case S390_RESET_LOAD_NORMAL: + /* + * Susbsystem reset needs to be done before we unshare memory + * and lose access to VIRTIO structures in guest memory. + */ + subsystem_reset(); + s390_pv_prepare_reset(ms); CPU_FOREACH(t) { if (t == cs) { continue; } run_on_cpu(t, s390_do_cpu_reset, RUN_ON_CPU_NULL); } - subsystem_reset(); run_on_cpu(cs, s390_do_cpu_initial_reset, RUN_ON_CPU_NULL); run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL); break; + case S390_RESET_PV: /* Subcode 10 */ + subsystem_reset(); + s390_crypto_reset(); + + CPU_FOREACH(t) { + if (t == cs) { + continue; + } + run_on_cpu(t, s390_do_cpu_full_reset, RUN_ON_CPU_NULL); + } + run_on_cpu(cs, s390_do_cpu_reset, RUN_ON_CPU_NULL); + + if (s390_machine_protect(ms)) { + s390_pv_inject_reset_error(cs); + /* + * Continue after the diag308 so the guest knows something + * went wrong. + */ + s390_cpu_set_state(S390_CPU_STATE_OPERATING, cpu); + return; + } + + run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL); + break; default: g_assert_not_reached(); } diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c index f0c35aa..ede056b 100644 --- a/hw/s390x/sclp.c +++ b/hw/s390x/sclp.c @@ -33,6 +33,22 @@ static inline SCLPDevice *get_sclp_device(void) return sclp; } +static inline bool sclp_command_code_valid(uint32_t code) +{ + switch (code & SCLP_CMD_CODE_MASK) { + case SCLP_CMDW_READ_SCP_INFO: + case SCLP_CMDW_READ_SCP_INFO_FORCED: + case SCLP_CMDW_READ_CPU_INFO: + case SCLP_CMDW_CONFIGURE_IOA: + case SCLP_CMDW_DECONFIGURE_IOA: + case SCLP_CMD_READ_EVENT_DATA: + case SCLP_CMD_WRITE_EVENT_DATA: + case SCLP_CMD_WRITE_EVENT_MASK: + return true; + } + return false; +} + static void prepare_cpu_entries(SCLPDevice *sclp, CPUEntry *entry, int *count) { MachineState *ms = MACHINE(qdev_get_machine()); @@ -193,6 +209,34 @@ static void sclp_execute(SCLPDevice *sclp, SCCB *sccb, uint32_t code) } } +/* + * We only need the address to have something valid for the + * service_interrupt call. + */ +#define SCLP_PV_DUMMY_ADDR 0x4000 +int sclp_service_call_protected(CPUS390XState *env, uint64_t sccb, + uint32_t code) +{ + SCLPDevice *sclp = get_sclp_device(); + SCLPDeviceClass *sclp_c = SCLP_GET_CLASS(sclp); + SCCB work_sccb; + hwaddr sccb_len = sizeof(SCCB); + + s390_cpu_pv_mem_read(env_archcpu(env), 0, &work_sccb, sccb_len); + + if (!sclp_command_code_valid(code)) { + work_sccb.h.response_code = cpu_to_be16(SCLP_RC_INVALID_SCLP_COMMAND); + goto out_write; + } + + sclp_c->execute(sclp, &work_sccb, code); +out_write: + s390_cpu_pv_mem_write(env_archcpu(env), 0, &work_sccb, + be16_to_cpu(work_sccb.h.length)); + sclp_c->service_interrupt(sclp, SCLP_PV_DUMMY_ADDR); + return 0; +} + int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code) { SCLPDevice *sclp = get_sclp_device(); @@ -225,17 +269,7 @@ int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code) return -PGM_SPECIFICATION; } - switch (code & SCLP_CMD_CODE_MASK) { - case SCLP_CMDW_READ_SCP_INFO: - case SCLP_CMDW_READ_SCP_INFO_FORCED: - case SCLP_CMDW_READ_CPU_INFO: - case SCLP_CMDW_CONFIGURE_IOA: - case SCLP_CMDW_DECONFIGURE_IOA: - case SCLP_CMD_READ_EVENT_DATA: - case SCLP_CMD_WRITE_EVENT_DATA: - case SCLP_CMD_WRITE_EVENT_MASK: - break; - default: + if (!sclp_command_code_valid(code)) { work_sccb.h.response_code = cpu_to_be16(SCLP_RC_INVALID_SCLP_COMMAND); goto out_write; } |