From 92a5199b29f6519aa5f774f4b96dc41954f641d1 Mon Sep 17 00:00:00 2001 From: Tom Lendacky Date: Tue, 26 Jan 2021 11:36:47 -0600 Subject: sev/i386: Don't allow a system reset under an SEV-ES guest An SEV-ES guest does not allow register state to be altered once it has been measured. When an SEV-ES guest issues a reboot command, Qemu will reset the vCPU state and resume the guest. This will cause failures under SEV-ES. Prevent that from occuring by introducing an arch-specific callback that returns a boolean indicating whether vCPUs are resettable. Cc: Peter Maydell Cc: Aurelien Jarno Cc: Jiaxun Yang Cc: Aleksandar Rikalo Cc: David Gibson Cc: David Hildenbrand Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Tom Lendacky Reviewed-by: Venu Busireddy Message-Id: <1ac39c441b9a3e970e9556e1cc29d0a0814de6fd.1611682609.git.thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini --- softmmu/runstate.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'softmmu/runstate.c') diff --git a/softmmu/runstate.c b/softmmu/runstate.c index a7fcb60..2874417 100644 --- a/softmmu/runstate.c +++ b/softmmu/runstate.c @@ -528,6 +528,9 @@ void qemu_system_reset_request(ShutdownCause reason) if (reboot_action == REBOOT_ACTION_SHUTDOWN && reason != SHUTDOWN_CAUSE_SUBSYSTEM_RESET) { shutdown_requested = reason; + } else if (!cpus_are_resettable()) { + error_report("cpus are not resettable, terminating"); + shutdown_requested = reason; } else { reset_requested = reason; } -- cgit v1.1