 c8a7fc5179
			
		
	
	
		c8a7fc5179
		
	
	
	
	
		
			
			Modify migrate_add_blocker and migrate_del_blocker to take an Error ** reason. This allows migration to own the Error object, so that if an error occurs in migrate_add_blocker, migration code can free the Error and clear the client handle, simplifying client code. It also simplifies the migrate_del_blocker call site. In addition, this is a pre-requisite for a proposed future patch that would add a mode argument to migration requests to support live update, and maintain a list of blockers for each mode. A blocker may apply to a single mode or to multiple modes, and passing Error** will allow one Error object to be registered for multiple modes. No functional change. Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Tested-by: Michael Galaxy <mgalaxy@akamai.com> Reviewed-by: Michael Galaxy <mgalaxy@akamai.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> Message-ID: <1697634216-84215-1-git-send-email-steven.sistare@oracle.com>
		
			
				
	
	
		
			143 lines
		
	
	
		
			3.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			143 lines
		
	
	
		
			3.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * PEF (Protected Execution Facility) for POWER support
 | |
|  *
 | |
|  * Copyright Red Hat.
 | |
|  *
 | |
|  * This work is licensed under the terms of the GNU GPL, version 2 or later.
 | |
|  * See the COPYING file in the top-level directory.
 | |
|  *
 | |
|  */
 | |
| 
 | |
| #include "qemu/osdep.h"
 | |
| 
 | |
| #include "qapi/error.h"
 | |
| #include "qom/object_interfaces.h"
 | |
| #include "sysemu/kvm.h"
 | |
| #include "migration/blocker.h"
 | |
| #include "exec/confidential-guest-support.h"
 | |
| #include "hw/ppc/pef.h"
 | |
| 
 | |
| #define TYPE_PEF_GUEST "pef-guest"
 | |
| OBJECT_DECLARE_SIMPLE_TYPE(PefGuest, PEF_GUEST)
 | |
| 
 | |
| typedef struct PefGuest PefGuest;
 | |
| typedef struct PefGuestClass PefGuestClass;
 | |
| 
 | |
| struct PefGuestClass {
 | |
|     ConfidentialGuestSupportClass parent_class;
 | |
| };
 | |
| 
 | |
| /**
 | |
|  * PefGuest:
 | |
|  *
 | |
|  * The PefGuest object is used for creating and managing a PEF
 | |
|  * guest.
 | |
|  *
 | |
|  * # $QEMU \
 | |
|  *         -object pef-guest,id=pef0 \
 | |
|  *         -machine ...,confidential-guest-support=pef0
 | |
|  */
 | |
| struct PefGuest {
 | |
|     ConfidentialGuestSupport parent_obj;
 | |
| };
 | |
| 
 | |
| static int kvmppc_svm_init(ConfidentialGuestSupport *cgs, Error **errp)
 | |
| {
 | |
| #ifdef CONFIG_KVM
 | |
|     static Error *pef_mig_blocker;
 | |
| 
 | |
|     if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
 | |
|         error_setg(errp,
 | |
|                    "KVM implementation does not support Secure VMs (is an ultravisor running?)");
 | |
|         return -1;
 | |
|     } else {
 | |
|         int ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
 | |
| 
 | |
|         if (ret < 0) {
 | |
|             error_setg(errp,
 | |
|                        "Error enabling PEF with KVM");
 | |
|             return -1;
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     /* add migration blocker */
 | |
|     error_setg(&pef_mig_blocker, "PEF: Migration is not implemented");
 | |
|     /* NB: This can fail if --only-migratable is used */
 | |
|     migrate_add_blocker(&pef_mig_blocker, &error_fatal);
 | |
| 
 | |
|     cgs->ready = true;
 | |
| 
 | |
|     return 0;
 | |
| #else
 | |
|     g_assert_not_reached();
 | |
| #endif
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
 | |
|  * that don't support this ioctl.
 | |
|  */
 | |
| static int kvmppc_svm_off(Error **errp)
 | |
| {
 | |
| #ifdef CONFIG_KVM
 | |
|     int rc;
 | |
| 
 | |
|     rc = kvm_vm_ioctl(KVM_STATE(current_accel()), KVM_PPC_SVM_OFF);
 | |
|     if (rc && rc != -ENOTTY) {
 | |
|         error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
 | |
|         return rc;
 | |
|     }
 | |
|     return 0;
 | |
| #else
 | |
|     g_assert_not_reached();
 | |
| #endif
 | |
| }
 | |
| 
 | |
| int pef_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
 | |
| {
 | |
|     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
 | |
|         return 0;
 | |
|     }
 | |
| 
 | |
|     if (!kvm_enabled()) {
 | |
|         error_setg(errp, "PEF requires KVM");
 | |
|         return -1;
 | |
|     }
 | |
| 
 | |
|     return kvmppc_svm_init(cgs, errp);
 | |
| }
 | |
| 
 | |
| int pef_kvm_reset(ConfidentialGuestSupport *cgs, Error **errp)
 | |
| {
 | |
|     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
 | |
|         return 0;
 | |
|     }
 | |
| 
 | |
|     /*
 | |
|      * If we don't have KVM we should never have been able to
 | |
|      * initialize PEF, so we should never get this far
 | |
|      */
 | |
|     assert(kvm_enabled());
 | |
| 
 | |
|     return kvmppc_svm_off(errp);
 | |
| }
 | |
| 
 | |
| OBJECT_DEFINE_TYPE_WITH_INTERFACES(PefGuest,
 | |
|                                    pef_guest,
 | |
|                                    PEF_GUEST,
 | |
|                                    CONFIDENTIAL_GUEST_SUPPORT,
 | |
|                                    { TYPE_USER_CREATABLE },
 | |
|                                    { NULL })
 | |
| 
 | |
| static void pef_guest_class_init(ObjectClass *oc, void *data)
 | |
| {
 | |
| }
 | |
| 
 | |
| static void pef_guest_init(Object *obj)
 | |
| {
 | |
| }
 | |
| 
 | |
| static void pef_guest_finalize(Object *obj)
 | |
| {
 | |
| }
 |