diff options
Diffstat (limited to 'backends')
30 files changed, 6216 insertions, 0 deletions
diff --git a/backends/Kconfig b/backends/Kconfig new file mode 100644 index 000000000..f35abc160 --- /dev/null +++ b/backends/Kconfig @@ -0,0 +1 @@ +source tpm/Kconfig diff --git a/backends/confidential-guest-support.c b/backends/confidential-guest-support.c new file mode 100644 index 000000000..052fde8db --- /dev/null +++ b/backends/confidential-guest-support.c @@ -0,0 +1,33 @@ +/* + * QEMU Confidential Guest support + * + * Copyright Red Hat. + * + * Authors: + * David Gibson <david@gibson.dropbear.id.au> + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * later. See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" + +#include "exec/confidential-guest-support.h" + +OBJECT_DEFINE_ABSTRACT_TYPE(ConfidentialGuestSupport, + confidential_guest_support, + CONFIDENTIAL_GUEST_SUPPORT, + OBJECT) + +static void confidential_guest_support_class_init(ObjectClass *oc, void *data) +{ +} + +static void confidential_guest_support_init(Object *obj) +{ +} + +static void confidential_guest_support_finalize(Object *obj) +{ +} diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c new file mode 100644 index 000000000..0671bf9f3 --- /dev/null +++ b/backends/cryptodev-builtin.c @@ -0,0 +1,391 @@ +/* + * QEMU Cryptodev backend for QEMU cipher APIs + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "sysemu/cryptodev.h" +#include "qapi/error.h" +#include "standard-headers/linux/virtio_crypto.h" +#include "crypto/cipher.h" +#include "qom/object.h" + + +/** + * @TYPE_CRYPTODEV_BACKEND_BUILTIN: + * name of backend that uses QEMU cipher API + */ +#define TYPE_CRYPTODEV_BACKEND_BUILTIN "cryptodev-backend-builtin" + +OBJECT_DECLARE_SIMPLE_TYPE(CryptoDevBackendBuiltin, CRYPTODEV_BACKEND_BUILTIN) + + +typedef struct CryptoDevBackendBuiltinSession { + QCryptoCipher *cipher; + uint8_t direction; /* encryption or decryption */ + uint8_t type; /* cipher? hash? aead? */ + QTAILQ_ENTRY(CryptoDevBackendBuiltinSession) next; +} CryptoDevBackendBuiltinSession; + +/* Max number of symmetric sessions */ +#define MAX_NUM_SESSIONS 256 + +#define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512 +#define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64 + +struct CryptoDevBackendBuiltin { + CryptoDevBackend parent_obj; + + CryptoDevBackendBuiltinSession *sessions[MAX_NUM_SESSIONS]; +}; + +static void cryptodev_builtin_init( + CryptoDevBackend *backend, Error **errp) +{ + /* Only support one queue */ + int queues = backend->conf.peers.queues; + CryptoDevBackendClient *cc; + + if (queues != 1) { + error_setg(errp, + "Only support one queue in cryptdov-builtin backend"); + return; + } + + cc = cryptodev_backend_new_client( + "cryptodev-builtin", NULL); + cc->info_str = g_strdup_printf("cryptodev-builtin0"); + cc->queue_index = 0; + cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN; + backend->conf.peers.ccs[0] = cc; + + backend->conf.crypto_services = + 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | + 1u << VIRTIO_CRYPTO_SERVICE_HASH | + 1u << VIRTIO_CRYPTO_SERVICE_MAC; + backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; + backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; + /* + * Set the Maximum length of crypto request. + * Why this value? Just avoid to overflow when + * memory allocation for each crypto request. + */ + backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendSymOpInfo); + backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN; + backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; + + cryptodev_backend_set_ready(backend, true); +} + +static int +cryptodev_builtin_get_unused_session_index( + CryptoDevBackendBuiltin *builtin) +{ + size_t i; + + for (i = 0; i < MAX_NUM_SESSIONS; i++) { + if (builtin->sessions[i] == NULL) { + return i; + } + } + + return -1; +} + +#define AES_KEYSIZE_128 16 +#define AES_KEYSIZE_192 24 +#define AES_KEYSIZE_256 32 +#define AES_KEYSIZE_128_XTS AES_KEYSIZE_256 +#define AES_KEYSIZE_256_XTS 64 + +static int +cryptodev_builtin_get_aes_algo(uint32_t key_len, int mode, Error **errp) +{ + int algo; + + if (key_len == AES_KEYSIZE_128) { + algo = QCRYPTO_CIPHER_ALG_AES_128; + } else if (key_len == AES_KEYSIZE_192) { + algo = QCRYPTO_CIPHER_ALG_AES_192; + } else if (key_len == AES_KEYSIZE_256) { /* equals AES_KEYSIZE_128_XTS */ + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + algo = QCRYPTO_CIPHER_ALG_AES_128; + } else { + algo = QCRYPTO_CIPHER_ALG_AES_256; + } + } else if (key_len == AES_KEYSIZE_256_XTS) { + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + algo = QCRYPTO_CIPHER_ALG_AES_256; + } else { + goto err; + } + } else { + goto err; + } + + return algo; + +err: + error_setg(errp, "Unsupported key length :%u", key_len); + return -1; +} + +static int cryptodev_builtin_create_cipher_session( + CryptoDevBackendBuiltin *builtin, + CryptoDevBackendSymSessionInfo *sess_info, + Error **errp) +{ + int algo; + int mode; + QCryptoCipher *cipher; + int index; + CryptoDevBackendBuiltinSession *sess; + + if (sess_info->op_type != VIRTIO_CRYPTO_SYM_OP_CIPHER) { + error_setg(errp, "Unsupported optype :%u", sess_info->op_type); + return -1; + } + + index = cryptodev_builtin_get_unused_session_index(builtin); + if (index < 0) { + error_setg(errp, "Total number of sessions created exceeds %u", + MAX_NUM_SESSIONS); + return -1; + } + + switch (sess_info->cipher_alg) { + case VIRTIO_CRYPTO_CIPHER_AES_ECB: + mode = QCRYPTO_CIPHER_MODE_ECB; + algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, + mode, errp); + if (algo < 0) { + return -1; + } + break; + case VIRTIO_CRYPTO_CIPHER_AES_CBC: + mode = QCRYPTO_CIPHER_MODE_CBC; + algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, + mode, errp); + if (algo < 0) { + return -1; + } + break; + case VIRTIO_CRYPTO_CIPHER_AES_CTR: + mode = QCRYPTO_CIPHER_MODE_CTR; + algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, + mode, errp); + if (algo < 0) { + return -1; + } + break; + case VIRTIO_CRYPTO_CIPHER_AES_XTS: + mode = QCRYPTO_CIPHER_MODE_XTS; + algo = cryptodev_builtin_get_aes_algo(sess_info->key_len, + mode, errp); + if (algo < 0) { + return -1; + } + break; + case VIRTIO_CRYPTO_CIPHER_3DES_ECB: + mode = QCRYPTO_CIPHER_MODE_ECB; + algo = QCRYPTO_CIPHER_ALG_3DES; + break; + case VIRTIO_CRYPTO_CIPHER_3DES_CBC: + mode = QCRYPTO_CIPHER_MODE_CBC; + algo = QCRYPTO_CIPHER_ALG_3DES; + break; + case VIRTIO_CRYPTO_CIPHER_3DES_CTR: + mode = QCRYPTO_CIPHER_MODE_CTR; + algo = QCRYPTO_CIPHER_ALG_3DES; + break; + default: + error_setg(errp, "Unsupported cipher alg :%u", + sess_info->cipher_alg); + return -1; + } + + cipher = qcrypto_cipher_new(algo, mode, + sess_info->cipher_key, + sess_info->key_len, + errp); + if (!cipher) { + return -1; + } + + sess = g_new0(CryptoDevBackendBuiltinSession, 1); + sess->cipher = cipher; + sess->direction = sess_info->direction; + sess->type = sess_info->op_type; + + builtin->sessions[index] = sess; + + return index; +} + +static int64_t cryptodev_builtin_sym_create_session( + CryptoDevBackend *backend, + CryptoDevBackendSymSessionInfo *sess_info, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendBuiltin *builtin = + CRYPTODEV_BACKEND_BUILTIN(backend); + int64_t session_id = -1; + int ret; + + switch (sess_info->op_code) { + case VIRTIO_CRYPTO_CIPHER_CREATE_SESSION: + ret = cryptodev_builtin_create_cipher_session( + builtin, sess_info, errp); + if (ret < 0) { + return ret; + } else { + session_id = ret; + } + break; + case VIRTIO_CRYPTO_HASH_CREATE_SESSION: + case VIRTIO_CRYPTO_MAC_CREATE_SESSION: + default: + error_setg(errp, "Unsupported opcode :%" PRIu32 "", + sess_info->op_code); + return -1; + } + + return session_id; +} + +static int cryptodev_builtin_sym_close_session( + CryptoDevBackend *backend, + uint64_t session_id, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendBuiltin *builtin = + CRYPTODEV_BACKEND_BUILTIN(backend); + + assert(session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]); + + qcrypto_cipher_free(builtin->sessions[session_id]->cipher); + g_free(builtin->sessions[session_id]); + builtin->sessions[session_id] = NULL; + return 0; +} + +static int cryptodev_builtin_sym_operation( + CryptoDevBackend *backend, + CryptoDevBackendSymOpInfo *op_info, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendBuiltin *builtin = + CRYPTODEV_BACKEND_BUILTIN(backend); + CryptoDevBackendBuiltinSession *sess; + int ret; + + if (op_info->session_id >= MAX_NUM_SESSIONS || + builtin->sessions[op_info->session_id] == NULL) { + error_setg(errp, "Cannot find a valid session id: %" PRIu64 "", + op_info->session_id); + return -VIRTIO_CRYPTO_INVSESS; + } + + if (op_info->op_type == VIRTIO_CRYPTO_SYM_OP_ALGORITHM_CHAINING) { + error_setg(errp, + "Algorithm chain is unsupported for cryptdoev-builtin"); + return -VIRTIO_CRYPTO_NOTSUPP; + } + + sess = builtin->sessions[op_info->session_id]; + + if (op_info->iv_len > 0) { + ret = qcrypto_cipher_setiv(sess->cipher, op_info->iv, + op_info->iv_len, errp); + if (ret < 0) { + return -VIRTIO_CRYPTO_ERR; + } + } + + if (sess->direction == VIRTIO_CRYPTO_OP_ENCRYPT) { + ret = qcrypto_cipher_encrypt(sess->cipher, op_info->src, + op_info->dst, op_info->src_len, errp); + if (ret < 0) { + return -VIRTIO_CRYPTO_ERR; + } + } else { + ret = qcrypto_cipher_decrypt(sess->cipher, op_info->src, + op_info->dst, op_info->src_len, errp); + if (ret < 0) { + return -VIRTIO_CRYPTO_ERR; + } + } + return VIRTIO_CRYPTO_OK; +} + +static void cryptodev_builtin_cleanup( + CryptoDevBackend *backend, + Error **errp) +{ + CryptoDevBackendBuiltin *builtin = + CRYPTODEV_BACKEND_BUILTIN(backend); + size_t i; + int queues = backend->conf.peers.queues; + CryptoDevBackendClient *cc; + + for (i = 0; i < MAX_NUM_SESSIONS; i++) { + if (builtin->sessions[i] != NULL) { + cryptodev_builtin_sym_close_session(backend, i, 0, &error_abort); + } + } + + for (i = 0; i < queues; i++) { + cc = backend->conf.peers.ccs[i]; + if (cc) { + cryptodev_backend_free_client(cc); + backend->conf.peers.ccs[i] = NULL; + } + } + + cryptodev_backend_set_ready(backend, false); +} + +static void +cryptodev_builtin_class_init(ObjectClass *oc, void *data) +{ + CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); + + bc->init = cryptodev_builtin_init; + bc->cleanup = cryptodev_builtin_cleanup; + bc->create_session = cryptodev_builtin_sym_create_session; + bc->close_session = cryptodev_builtin_sym_close_session; + bc->do_sym_op = cryptodev_builtin_sym_operation; +} + +static const TypeInfo cryptodev_builtin_info = { + .name = TYPE_CRYPTODEV_BACKEND_BUILTIN, + .parent = TYPE_CRYPTODEV_BACKEND, + .class_init = cryptodev_builtin_class_init, + .instance_size = sizeof(CryptoDevBackendBuiltin), +}; + +static void +cryptodev_builtin_register_types(void) +{ + type_register_static(&cryptodev_builtin_info); +} + +type_init(cryptodev_builtin_register_types); diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c new file mode 100644 index 000000000..bedb45247 --- /dev/null +++ b/backends/cryptodev-vhost-user.c @@ -0,0 +1,378 @@ +/* + * QEMU Cryptodev backend for QEMU cipher APIs + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "hw/virtio/vhost-user.h" +#include "standard-headers/linux/virtio_crypto.h" +#include "sysemu/cryptodev-vhost.h" +#include "chardev/char-fe.h" +#include "sysemu/cryptodev-vhost-user.h" +#include "qom/object.h" + + +/** + * @TYPE_CRYPTODEV_BACKEND_VHOST_USER: + * name of backend that uses vhost user server + */ +#define TYPE_CRYPTODEV_BACKEND_VHOST_USER "cryptodev-vhost-user" + +OBJECT_DECLARE_SIMPLE_TYPE(CryptoDevBackendVhostUser, CRYPTODEV_BACKEND_VHOST_USER) + + +struct CryptoDevBackendVhostUser { + CryptoDevBackend parent_obj; + + VhostUserState vhost_user; + CharBackend chr; + char *chr_name; + bool opened; + CryptoDevBackendVhost *vhost_crypto[MAX_CRYPTO_QUEUE_NUM]; +}; + +static int +cryptodev_vhost_user_running( + CryptoDevBackendVhost *crypto) +{ + return crypto ? 1 : 0; +} + +CryptoDevBackendVhost * +cryptodev_vhost_user_get_vhost( + CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(b); + assert(cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER); + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + return s->vhost_crypto[queue]; +} + +static void cryptodev_vhost_user_stop(int queues, + CryptoDevBackendVhostUser *s) +{ + size_t i; + + for (i = 0; i < queues; i++) { + if (!cryptodev_vhost_user_running(s->vhost_crypto[i])) { + continue; + } + + cryptodev_vhost_cleanup(s->vhost_crypto[i]); + s->vhost_crypto[i] = NULL; + } +} + +static int +cryptodev_vhost_user_start(int queues, + CryptoDevBackendVhostUser *s) +{ + CryptoDevBackendVhostOptions options; + CryptoDevBackend *b = CRYPTODEV_BACKEND(s); + int max_queues; + size_t i; + + for (i = 0; i < queues; i++) { + if (cryptodev_vhost_user_running(s->vhost_crypto[i])) { + continue; + } + + options.opaque = &s->vhost_user; + options.backend_type = VHOST_BACKEND_TYPE_USER; + options.cc = b->conf.peers.ccs[i]; + s->vhost_crypto[i] = cryptodev_vhost_init(&options); + if (!s->vhost_crypto[i]) { + error_report("failed to init vhost_crypto for queue %zu", i); + goto err; + } + + if (i == 0) { + max_queues = + cryptodev_vhost_get_max_queues(s->vhost_crypto[i]); + if (queues > max_queues) { + error_report("you are asking more queues than supported: %d", + max_queues); + goto err; + } + } + } + + return 0; + +err: + cryptodev_vhost_user_stop(i + 1, s); + return -1; +} + +static Chardev * +cryptodev_vhost_claim_chardev(CryptoDevBackendVhostUser *s, + Error **errp) +{ + Chardev *chr; + + if (s->chr_name == NULL) { + error_setg(errp, QERR_INVALID_PARAMETER_VALUE, + "chardev", "a valid character device"); + return NULL; + } + + chr = qemu_chr_find(s->chr_name); + if (chr == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, + "Device '%s' not found", s->chr_name); + return NULL; + } + + return chr; +} + +static void cryptodev_vhost_user_event(void *opaque, QEMUChrEvent event) +{ + CryptoDevBackendVhostUser *s = opaque; + CryptoDevBackend *b = CRYPTODEV_BACKEND(s); + int queues = b->conf.peers.queues; + + assert(queues < MAX_CRYPTO_QUEUE_NUM); + + switch (event) { + case CHR_EVENT_OPENED: + if (cryptodev_vhost_user_start(queues, s) < 0) { + exit(1); + } + b->ready = true; + break; + case CHR_EVENT_CLOSED: + b->ready = false; + cryptodev_vhost_user_stop(queues, s); + break; + case CHR_EVENT_BREAK: + case CHR_EVENT_MUX_IN: + case CHR_EVENT_MUX_OUT: + /* Ignore */ + break; + } +} + +static void cryptodev_vhost_user_init( + CryptoDevBackend *backend, Error **errp) +{ + int queues = backend->conf.peers.queues; + size_t i; + Error *local_err = NULL; + Chardev *chr; + CryptoDevBackendClient *cc; + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(backend); + + chr = cryptodev_vhost_claim_chardev(s, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + + s->opened = true; + + for (i = 0; i < queues; i++) { + cc = cryptodev_backend_new_client( + "cryptodev-vhost-user", NULL); + cc->info_str = g_strdup_printf("cryptodev-vhost-user%zu to %s ", + i, chr->label); + cc->queue_index = i; + cc->type = CRYPTODEV_BACKEND_TYPE_VHOST_USER; + + backend->conf.peers.ccs[i] = cc; + + if (i == 0) { + if (!qemu_chr_fe_init(&s->chr, chr, errp)) { + return; + } + } + } + + if (!vhost_user_init(&s->vhost_user, &s->chr, errp)) { + return; + } + + qemu_chr_fe_set_handlers(&s->chr, NULL, NULL, + cryptodev_vhost_user_event, NULL, s, NULL, true); + + backend->conf.crypto_services = + 1u << VIRTIO_CRYPTO_SERVICE_CIPHER | + 1u << VIRTIO_CRYPTO_SERVICE_HASH | + 1u << VIRTIO_CRYPTO_SERVICE_MAC; + backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; + backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; + + backend->conf.max_size = UINT64_MAX; + backend->conf.max_cipher_key_len = VHOST_USER_MAX_CIPHER_KEY_LEN; + backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN; +} + +static int64_t cryptodev_vhost_user_sym_create_session( + CryptoDevBackend *backend, + CryptoDevBackendSymSessionInfo *sess_info, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendClient *cc = + backend->conf.peers.ccs[queue_index]; + CryptoDevBackendVhost *vhost_crypto; + uint64_t session_id = 0; + int ret; + + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index); + if (vhost_crypto) { + struct vhost_dev *dev = &(vhost_crypto->dev); + ret = dev->vhost_ops->vhost_crypto_create_session(dev, + sess_info, + &session_id); + if (ret < 0) { + return -1; + } else { + return session_id; + } + } + return -1; +} + +static int cryptodev_vhost_user_sym_close_session( + CryptoDevBackend *backend, + uint64_t session_id, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendClient *cc = + backend->conf.peers.ccs[queue_index]; + CryptoDevBackendVhost *vhost_crypto; + int ret; + + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, backend, queue_index); + if (vhost_crypto) { + struct vhost_dev *dev = &(vhost_crypto->dev); + ret = dev->vhost_ops->vhost_crypto_close_session(dev, + session_id); + if (ret < 0) { + return -1; + } else { + return 0; + } + } + return -1; +} + +static void cryptodev_vhost_user_cleanup( + CryptoDevBackend *backend, + Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(backend); + size_t i; + int queues = backend->conf.peers.queues; + CryptoDevBackendClient *cc; + + cryptodev_vhost_user_stop(queues, s); + + for (i = 0; i < queues; i++) { + cc = backend->conf.peers.ccs[i]; + if (cc) { + cryptodev_backend_free_client(cc); + backend->conf.peers.ccs[i] = NULL; + } + } + + vhost_user_cleanup(&s->vhost_user); +} + +static void cryptodev_vhost_user_set_chardev(Object *obj, + const char *value, Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + + if (s->opened) { + error_setg(errp, QERR_PERMISSION_DENIED); + } else { + g_free(s->chr_name); + s->chr_name = g_strdup(value); + } +} + +static char * +cryptodev_vhost_user_get_chardev(Object *obj, Error **errp) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + Chardev *chr = qemu_chr_fe_get_driver(&s->chr); + + if (chr && chr->label) { + return g_strdup(chr->label); + } + + return NULL; +} + +static void cryptodev_vhost_user_finalize(Object *obj) +{ + CryptoDevBackendVhostUser *s = + CRYPTODEV_BACKEND_VHOST_USER(obj); + + qemu_chr_fe_deinit(&s->chr, false); + + g_free(s->chr_name); +} + +static void +cryptodev_vhost_user_class_init(ObjectClass *oc, void *data) +{ + CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_CLASS(oc); + + bc->init = cryptodev_vhost_user_init; + bc->cleanup = cryptodev_vhost_user_cleanup; + bc->create_session = cryptodev_vhost_user_sym_create_session; + bc->close_session = cryptodev_vhost_user_sym_close_session; + bc->do_sym_op = NULL; + + object_class_property_add_str(oc, "chardev", + cryptodev_vhost_user_get_chardev, + cryptodev_vhost_user_set_chardev); + +} + +static const TypeInfo cryptodev_vhost_user_info = { + .name = TYPE_CRYPTODEV_BACKEND_VHOST_USER, + .parent = TYPE_CRYPTODEV_BACKEND, + .class_init = cryptodev_vhost_user_class_init, + .instance_finalize = cryptodev_vhost_user_finalize, + .instance_size = sizeof(CryptoDevBackendVhostUser), +}; + +static void +cryptodev_vhost_user_register_types(void) +{ + type_register_static(&cryptodev_vhost_user_info); +} + +type_init(cryptodev_vhost_user_register_types); diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c new file mode 100644 index 000000000..bc13e466b --- /dev/null +++ b/backends/cryptodev-vhost.c @@ -0,0 +1,350 @@ +/* + * QEMU Cryptodev backend for QEMU cipher APIs + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * Jay Zhou <jianjay.zhou@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "hw/virtio/virtio-bus.h" +#include "sysemu/cryptodev-vhost.h" + +#ifdef CONFIG_VHOST_CRYPTO +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "hw/virtio/virtio-crypto.h" +#include "sysemu/cryptodev-vhost-user.h" + +uint64_t +cryptodev_vhost_get_max_queues( + CryptoDevBackendVhost *crypto) +{ + return crypto->dev.max_queues; +} + +void cryptodev_vhost_cleanup(CryptoDevBackendVhost *crypto) +{ + vhost_dev_cleanup(&crypto->dev); + g_free(crypto); +} + +struct CryptoDevBackendVhost * +cryptodev_vhost_init( + CryptoDevBackendVhostOptions *options) +{ + int r; + CryptoDevBackendVhost *crypto; + Error *local_err = NULL; + + crypto = g_new(CryptoDevBackendVhost, 1); + crypto->dev.max_queues = 1; + crypto->dev.nvqs = 1; + crypto->dev.vqs = crypto->vqs; + + crypto->cc = options->cc; + + crypto->dev.protocol_features = 0; + crypto->backend = -1; + + /* vhost-user needs vq_index to initiate a specific queue pair */ + crypto->dev.vq_index = crypto->cc->queue_index * crypto->dev.nvqs; + + r = vhost_dev_init(&crypto->dev, options->opaque, options->backend_type, 0, + &local_err); + if (r < 0) { + error_report_err(local_err); + goto fail; + } + + return crypto; +fail: + g_free(crypto); + return NULL; +} + +static int +cryptodev_vhost_start_one(CryptoDevBackendVhost *crypto, + VirtIODevice *dev) +{ + int r; + + crypto->dev.nvqs = 1; + crypto->dev.vqs = crypto->vqs; + + r = vhost_dev_enable_notifiers(&crypto->dev, dev); + if (r < 0) { + goto fail_notifiers; + } + + r = vhost_dev_start(&crypto->dev, dev); + if (r < 0) { + goto fail_start; + } + + return 0; + +fail_start: + vhost_dev_disable_notifiers(&crypto->dev, dev); +fail_notifiers: + return r; +} + +static void +cryptodev_vhost_stop_one(CryptoDevBackendVhost *crypto, + VirtIODevice *dev) +{ + vhost_dev_stop(&crypto->dev, dev); + vhost_dev_disable_notifiers(&crypto->dev, dev); +} + +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + CryptoDevBackendVhost *vhost_crypto = NULL; + + if (!cc) { + return NULL; + } + + switch (cc->type) { +#if defined(CONFIG_VHOST_USER) && defined(CONFIG_LINUX) + case CRYPTODEV_BACKEND_TYPE_VHOST_USER: + vhost_crypto = cryptodev_vhost_user_get_vhost(cc, b, queue); + break; +#endif + default: + break; + } + + return vhost_crypto; +} + +static void +cryptodev_vhost_set_vq_index(CryptoDevBackendVhost *crypto, + int vq_index) +{ + crypto->dev.vq_index = vq_index; +} + +static int +vhost_set_vring_enable(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue, int enable) +{ + CryptoDevBackendVhost *crypto = + cryptodev_get_vhost(cc, b, queue); + const VhostOps *vhost_ops; + + cc->vring_enable = enable; + + if (!crypto) { + return 0; + } + + vhost_ops = crypto->dev.vhost_ops; + if (vhost_ops->vhost_set_vring_enable) { + return vhost_ops->vhost_set_vring_enable(&crypto->dev, enable); + } + + return 0; +} + +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev))); + VirtioBusState *vbus = VIRTIO_BUS(qbus); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus); + int r, e; + int i; + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + if (!k->set_guest_notifiers) { + error_report("binding does not support guest notifiers"); + return -ENOSYS; + } + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_set_vq_index(vhost_crypto, i); + + /* Suppress the masking guest notifiers on vhost user + * because vhost user doesn't interrupt masking/unmasking + * properly. + */ + if (cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER) { + dev->use_guest_notifier_mask = false; + } + } + + r = k->set_guest_notifiers(qbus->parent, total_queues, true); + if (r < 0) { + error_report("error binding guest notifier: %d", -r); + goto err; + } + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + r = cryptodev_vhost_start_one(vhost_crypto, dev); + + if (r < 0) { + goto err_start; + } + + if (cc->vring_enable) { + /* restore vring enable state */ + r = vhost_set_vring_enable(cc, b, i, cc->vring_enable); + + if (r < 0) { + goto err_start; + } + } + } + + return 0; + +err_start: + while (--i >= 0) { + cc = b->conf.peers.ccs[i]; + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_stop_one(vhost_crypto, dev); + } + e = k->set_guest_notifiers(qbus->parent, total_queues, false); + if (e < 0) { + error_report("vhost guest notifier cleanup failed: %d", e); + } +err: + return r; +} + +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues) +{ + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(dev))); + VirtioBusState *vbus = VIRTIO_BUS(qbus); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(vbus); + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + size_t i; + int r; + + for (i = 0; i < total_queues; i++) { + cc = b->conf.peers.ccs[i]; + + vhost_crypto = cryptodev_get_vhost(cc, b, i); + cryptodev_vhost_stop_one(vhost_crypto, dev); + } + + r = k->set_guest_notifiers(qbus->parent, total_queues, false); + if (r < 0) { + error_report("vhost guest notifier cleanup failed: %d", r); + } + assert(r >= 0); +} + +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + cc = b->conf.peers.ccs[queue]; + vhost_crypto = cryptodev_get_vhost(cc, b, queue); + + vhost_virtqueue_mask(&vhost_crypto->dev, dev, idx, mask); +} + +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx) +{ + VirtIOCrypto *vcrypto = VIRTIO_CRYPTO(dev); + CryptoDevBackend *b = vcrypto->cryptodev; + CryptoDevBackendVhost *vhost_crypto; + CryptoDevBackendClient *cc; + + assert(queue < MAX_CRYPTO_QUEUE_NUM); + + cc = b->conf.peers.ccs[queue]; + vhost_crypto = cryptodev_get_vhost(cc, b, queue); + + return vhost_virtqueue_pending(&vhost_crypto->dev, idx); +} + +#else +uint64_t +cryptodev_vhost_get_max_queues(CryptoDevBackendVhost *crypto) +{ + return 0; +} + +void cryptodev_vhost_cleanup(CryptoDevBackendVhost *crypto) +{ +} + +struct CryptoDevBackendVhost * +cryptodev_vhost_init(CryptoDevBackendVhostOptions *options) +{ + return NULL; +} + +CryptoDevBackendVhost * +cryptodev_get_vhost(CryptoDevBackendClient *cc, + CryptoDevBackend *b, + uint16_t queue) +{ + return NULL; +} + +int cryptodev_vhost_start(VirtIODevice *dev, int total_queues) +{ + return -1; +} + +void cryptodev_vhost_stop(VirtIODevice *dev, int total_queues) +{ +} + +void cryptodev_vhost_virtqueue_mask(VirtIODevice *dev, + int queue, + int idx, bool mask) +{ +} + +bool cryptodev_vhost_virtqueue_pending(VirtIODevice *dev, + int queue, int idx) +{ + return false; +} +#endif diff --git a/backends/cryptodev.c b/backends/cryptodev.c new file mode 100644 index 000000000..bf5247616 --- /dev/null +++ b/backends/cryptodev.c @@ -0,0 +1,255 @@ +/* + * QEMU Crypto Device Implementation + * + * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD. + * + * Authors: + * Gonglei <arei.gonglei@huawei.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/>. + * + */ + +#include "qemu/osdep.h" +#include "sysemu/cryptodev.h" +#include "qapi/error.h" +#include "qapi/visitor.h" +#include "qemu/config-file.h" +#include "qom/object_interfaces.h" +#include "hw/virtio/virtio-crypto.h" + + +static QTAILQ_HEAD(, CryptoDevBackendClient) crypto_clients; + + +CryptoDevBackendClient * +cryptodev_backend_new_client(const char *model, + const char *name) +{ + CryptoDevBackendClient *cc; + + cc = g_malloc0(sizeof(CryptoDevBackendClient)); + cc->model = g_strdup(model); + if (name) { + cc->name = g_strdup(name); + } + + QTAILQ_INSERT_TAIL(&crypto_clients, cc, next); + + return cc; +} + +void cryptodev_backend_free_client( + CryptoDevBackendClient *cc) +{ + QTAILQ_REMOVE(&crypto_clients, cc, next); + g_free(cc->name); + g_free(cc->model); + g_free(cc->info_str); + g_free(cc); +} + +void cryptodev_backend_cleanup( + CryptoDevBackend *backend, + Error **errp) +{ + CryptoDevBackendClass *bc = + CRYPTODEV_BACKEND_GET_CLASS(backend); + + if (bc->cleanup) { + bc->cleanup(backend, errp); + } +} + +int64_t cryptodev_backend_sym_create_session( + CryptoDevBackend *backend, + CryptoDevBackendSymSessionInfo *sess_info, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendClass *bc = + CRYPTODEV_BACKEND_GET_CLASS(backend); + + if (bc->create_session) { + return bc->create_session(backend, sess_info, queue_index, errp); + } + + return -1; +} + +int cryptodev_backend_sym_close_session( + CryptoDevBackend *backend, + uint64_t session_id, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendClass *bc = + CRYPTODEV_BACKEND_GET_CLASS(backend); + + if (bc->close_session) { + return bc->close_session(backend, session_id, queue_index, errp); + } + + return -1; +} + +static int cryptodev_backend_sym_operation( + CryptoDevBackend *backend, + CryptoDevBackendSymOpInfo *op_info, + uint32_t queue_index, Error **errp) +{ + CryptoDevBackendClass *bc = + CRYPTODEV_BACKEND_GET_CLASS(backend); + + if (bc->do_sym_op) { + return bc->do_sym_op(backend, op_info, queue_index, errp); + } + + return -VIRTIO_CRYPTO_ERR; +} + +int cryptodev_backend_crypto_operation( + CryptoDevBackend *backend, + void *opaque, + uint32_t queue_index, Error **errp) +{ + VirtIOCryptoReq *req = opaque; + + if (req->flags == CRYPTODEV_BACKEND_ALG_SYM) { + CryptoDevBackendSymOpInfo *op_info; + op_info = req->u.sym_op_info; + + return cryptodev_backend_sym_operation(backend, + op_info, queue_index, errp); + } else { + error_setg(errp, "Unsupported cryptodev alg type: %" PRIu32 "", + req->flags); + return -VIRTIO_CRYPTO_NOTSUPP; + } + + return -VIRTIO_CRYPTO_ERR; +} + +static void +cryptodev_backend_get_queues(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj); + uint32_t value = backend->conf.peers.queues; + + visit_type_uint32(v, name, &value, errp); +} + +static void +cryptodev_backend_set_queues(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj); + uint32_t value; + + if (!visit_type_uint32(v, name, &value, errp)) { + return; + } + if (!value) { + error_setg(errp, "Property '%s.%s' doesn't take value '%" PRIu32 "'", + object_get_typename(obj), name, value); + return; + } + backend->conf.peers.queues = value; +} + +static void +cryptodev_backend_complete(UserCreatable *uc, Error **errp) +{ + CryptoDevBackend *backend = CRYPTODEV_BACKEND(uc); + CryptoDevBackendClass *bc = CRYPTODEV_BACKEND_GET_CLASS(uc); + + if (bc->init) { + bc->init(backend, errp); + } +} + +void cryptodev_backend_set_used(CryptoDevBackend *backend, bool used) +{ + backend->is_used = used; +} + +bool cryptodev_backend_is_used(CryptoDevBackend *backend) +{ + return backend->is_used; +} + +void cryptodev_backend_set_ready(CryptoDevBackend *backend, bool ready) +{ + backend->ready = ready; +} + +bool cryptodev_backend_is_ready(CryptoDevBackend *backend) +{ + return backend->ready; +} + +static bool +cryptodev_backend_can_be_deleted(UserCreatable *uc) +{ + return !cryptodev_backend_is_used(CRYPTODEV_BACKEND(uc)); +} + +static void cryptodev_backend_instance_init(Object *obj) +{ + /* Initialize devices' queues property to 1 */ + object_property_set_int(obj, "queues", 1, NULL); +} + +static void cryptodev_backend_finalize(Object *obj) +{ + CryptoDevBackend *backend = CRYPTODEV_BACKEND(obj); + + cryptodev_backend_cleanup(backend, NULL); +} + +static void +cryptodev_backend_class_init(ObjectClass *oc, void *data) +{ + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); + + ucc->complete = cryptodev_backend_complete; + ucc->can_be_deleted = cryptodev_backend_can_be_deleted; + + QTAILQ_INIT(&crypto_clients); + object_class_property_add(oc, "queues", "uint32", + cryptodev_backend_get_queues, + cryptodev_backend_set_queues, + NULL, NULL); +} + +static const TypeInfo cryptodev_backend_info = { + .name = TYPE_CRYPTODEV_BACKEND, + .parent = TYPE_OBJECT, + .instance_size = sizeof(CryptoDevBackend), + .instance_init = cryptodev_backend_instance_init, + .instance_finalize = cryptodev_backend_finalize, + .class_size = sizeof(CryptoDevBackendClass), + .class_init = cryptodev_backend_class_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void +cryptodev_backend_register_types(void) +{ + type_register_static(&cryptodev_backend_info); +} + +type_init(cryptodev_backend_register_types); diff --git a/backends/dbus-vmstate.c b/backends/dbus-vmstate.c new file mode 100644 index 000000000..9cfd758c4 --- /dev/null +++ b/backends/dbus-vmstate.c @@ -0,0 +1,517 @@ +/* + * QEMU dbus-vmstate + * + * Copyright (C) 2019 Red Hat Inc + * + * Authors: + * Marc-André Lureau <marcandre.lureau@redhat.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "qemu/units.h" +#include "qemu/dbus.h" +#include "qemu/error-report.h" +#include "qapi/error.h" +#include "qom/object_interfaces.h" +#include "qapi/qmp/qerror.h" +#include "migration/vmstate.h" +#include "trace.h" +#include "qom/object.h" + + +#define TYPE_DBUS_VMSTATE "dbus-vmstate" +OBJECT_DECLARE_SIMPLE_TYPE(DBusVMState, + DBUS_VMSTATE) + + +struct DBusVMState { + Object parent; + + GDBusConnection *bus; + char *dbus_addr; + char *id_list; + + uint32_t data_size; + uint8_t *data; +}; + +static const GDBusPropertyInfo vmstate_property_info[] = { + { -1, (char *) "Id", (char *) "s", + G_DBUS_PROPERTY_INFO_FLAGS_READABLE, NULL }, +}; + +static const GDBusPropertyInfo * const vmstate_property_info_pointers[] = { + &vmstate_property_info[0], + NULL +}; + +static const GDBusInterfaceInfo vmstate1_interface_info = { + -1, + (char *) "org.qemu.VMState1", + (GDBusMethodInfo **) NULL, + (GDBusSignalInfo **) NULL, + (GDBusPropertyInfo **) &vmstate_property_info_pointers, + NULL, +}; + +#define DBUS_VMSTATE_SIZE_LIMIT (1 * MiB) + +static GHashTable * +get_id_list_set(DBusVMState *self) +{ + g_auto(GStrv) ids = NULL; + g_autoptr(GHashTable) set = NULL; + int i; + + if (!self->id_list) { + return NULL; + } + + ids = g_strsplit(self->id_list, ",", -1); + set = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL); + for (i = 0; ids[i]; i++) { + g_hash_table_add(set, ids[i]); + ids[i] = NULL; + } + + return g_steal_pointer(&set); +} + +static GHashTable * +dbus_get_proxies(DBusVMState *self, GError **err) +{ + g_autoptr(GHashTable) proxies = NULL; + g_autoptr(GHashTable) ids = NULL; + g_auto(GStrv) names = NULL; + Error *error = NULL; + size_t i; + + ids = get_id_list_set(self); + proxies = g_hash_table_new_full(g_str_hash, g_str_equal, + g_free, g_object_unref); + + names = qemu_dbus_get_queued_owners(self->bus, "org.qemu.VMState1", &error); + if (!names) { + g_set_error(err, G_IO_ERROR, G_IO_ERROR_FAILED, "%s", + error_get_pretty(error)); + error_free(error); + return NULL; + } + + for (i = 0; names[i]; i++) { + g_autoptr(GDBusProxy) proxy = NULL; + g_autoptr(GVariant) result = NULL; + g_autofree char *id = NULL; + size_t size; + + proxy = g_dbus_proxy_new_sync(self->bus, G_DBUS_PROXY_FLAGS_NONE, + (GDBusInterfaceInfo *) &vmstate1_interface_info, + names[i], + "/org/qemu/VMState1", + "org.qemu.VMState1", + NULL, err); + if (!proxy) { + return NULL; + } + + result = g_dbus_proxy_get_cached_property(proxy, "Id"); + if (!result) { + g_set_error_literal(err, G_IO_ERROR, G_IO_ERROR_FAILED, + "VMState Id property is missing."); + return NULL; + } + + id = g_variant_dup_string(result, &size); + if (ids && !g_hash_table_remove(ids, id)) { + g_clear_pointer(&id, g_free); + g_clear_object(&proxy); + continue; + } + if (size == 0 || size >= 256) { + g_set_error(err, G_IO_ERROR, G_IO_ERROR_FAILED, + "VMState Id '%s' is invalid.", id); + return NULL; + } + + if (!g_hash_table_insert(proxies, id, proxy)) { + g_set_error(err, G_IO_ERROR, G_IO_ERROR_FAILED, + "Duplicated VMState Id '%s'", id); + return NULL; + } + id = NULL; + proxy = NULL; + + g_clear_pointer(&result, g_variant_unref); + } + + if (ids) { + g_autofree char **left = NULL; + + left = (char **)g_hash_table_get_keys_as_array(ids, NULL); + if (*left) { + g_autofree char *leftids = g_strjoinv(",", left); + g_set_error(err, G_IO_ERROR, G_IO_ERROR_FAILED, + "Required VMState Id are missing: %s", leftids); + return NULL; + } + } + + return g_steal_pointer(&proxies); +} + +static int +dbus_load_state_proxy(GDBusProxy *proxy, const uint8_t *data, size_t size) +{ + g_autoptr(GError) err = NULL; + g_autoptr(GVariant) result = NULL; + g_autoptr(GVariant) value = NULL; + + value = g_variant_new_fixed_array(G_VARIANT_TYPE_BYTE, + data, size, sizeof(char)); + result = g_dbus_proxy_call_sync(proxy, "Load", + g_variant_new("(@ay)", + g_steal_pointer(&value)), + G_DBUS_CALL_FLAGS_NO_AUTO_START, + -1, NULL, &err); + if (!result) { + error_report("%s: Failed to Load: %s", __func__, err->message); + return -1; + } + + return 0; +} + +static int dbus_vmstate_post_load(void *opaque, int version_id) +{ + DBusVMState *self = DBUS_VMSTATE(opaque); + g_autoptr(GInputStream) m = NULL; + g_autoptr(GDataInputStream) s = NULL; + g_autoptr(GError) err = NULL; + g_autoptr(GHashTable) proxies = NULL; + uint32_t nelem; + + trace_dbus_vmstate_post_load(version_id); + + proxies = dbus_get_proxies(self, &err); + if (!proxies) { + error_report("%s: Failed to get proxies: %s", __func__, err->message); + return -1; + } + + m = g_memory_input_stream_new_from_data(self->data, self->data_size, NULL); + s = g_data_input_stream_new(m); + g_data_input_stream_set_byte_order(s, G_DATA_STREAM_BYTE_ORDER_BIG_ENDIAN); + g_buffered_input_stream_set_buffer_size(G_BUFFERED_INPUT_STREAM(s), + DBUS_VMSTATE_SIZE_LIMIT); + + nelem = g_data_input_stream_read_uint32(s, NULL, &err); + if (err) { + goto error; + } + + while (nelem > 0) { + GDBusProxy *proxy = NULL; + uint32_t len; + gsize bytes_read, avail; + char id[256]; + + len = g_data_input_stream_read_uint32(s, NULL, &err); + if (err) { + goto error; + } + if (len >= 256) { + error_report("%s: Invalid DBus vmstate proxy name %u", + __func__, len); + return -1; + } + if (!g_input_stream_read_all(G_INPUT_STREAM(s), id, len, + &bytes_read, NULL, &err)) { + goto error; + } + if (bytes_read != len) { + error_report("%s: Short read", __func__); + return -1; + } + id[len] = 0; + + trace_dbus_vmstate_loading(id); + + proxy = g_hash_table_lookup(proxies, id); + if (!proxy) { + error_report("%s: Failed to find proxy Id '%s'", __func__, id); + return -1; + } + + len = g_data_input_stream_read_uint32(s, NULL, &err); + if (len > DBUS_VMSTATE_SIZE_LIMIT) { + error_report("%s: Invalid vmstate size: %u", __func__, len); + return -1; + } + + g_buffered_input_stream_fill(G_BUFFERED_INPUT_STREAM(s), len, NULL, + &err); + if (err) { + goto error; + } + + avail = g_buffered_input_stream_get_available( + G_BUFFERED_INPUT_STREAM(s)); + if (len > avail) { + error_report("%s: Not enough data available to load for Id: '%s'. " + "Available data size: %zu, Actual vmstate size: %u", + __func__, id, avail, len); + return -1; + } + + if (dbus_load_state_proxy(proxy, + g_buffered_input_stream_peek_buffer(G_BUFFERED_INPUT_STREAM(s), + NULL), + len) < 0) { + error_report("%s: Failed to restore Id '%s'", __func__, id); + return -1; + } + + if (!g_seekable_seek(G_SEEKABLE(s), len, G_SEEK_CUR, NULL, &err)) { + goto error; + } + + nelem -= 1; + } + + return 0; + +error: + error_report("%s: Failed to read from stream: %s", __func__, err->message); + return -1; +} + +static void +dbus_save_state_proxy(gpointer key, + gpointer value, + gpointer user_data) +{ + GDataOutputStream *s = user_data; + const char *id = key; + GDBusProxy *proxy = value; + g_autoptr(GVariant) result = NULL; + g_autoptr(GVariant) child = NULL; + g_autoptr(GError) err = NULL; + const uint8_t *data; + gsize size; + + trace_dbus_vmstate_saving(id); + + result = g_dbus_proxy_call_sync(proxy, "Save", + NULL, G_DBUS_CALL_FLAGS_NO_AUTO_START, + -1, NULL, &err); + if (!result) { + error_report("%s: Failed to Save: %s", __func__, err->message); + return; + } + + child = g_variant_get_child_value(result, 0); + data = g_variant_get_fixed_array(child, &size, sizeof(char)); + if (!data) { + error_report("%s: Failed to Save: not a byte array", __func__); + return; + } + if (size > DBUS_VMSTATE_SIZE_LIMIT) { + error_report("%s: Too large vmstate data to save: %zu", + __func__, (size_t)size); + return; + } + + if (!g_data_output_stream_put_uint32(s, strlen(id), NULL, &err) || + !g_data_output_stream_put_string(s, id, NULL, &err) || + !g_data_output_stream_put_uint32(s, size, NULL, &err) || + !g_output_stream_write_all(G_OUTPUT_STREAM(s), + data, size, NULL, NULL, &err)) { + error_report("%s: Failed to write to stream: %s", + __func__, err->message); + } +} + +static int dbus_vmstate_pre_save(void *opaque) +{ + DBusVMState *self = DBUS_VMSTATE(opaque); + g_autoptr(GOutputStream) m = NULL; + g_autoptr(GDataOutputStream) s = NULL; + g_autoptr(GHashTable) proxies = NULL; + g_autoptr(GError) err = NULL; + + trace_dbus_vmstate_pre_save(); + + proxies = dbus_get_proxies(self, &err); + if (!proxies) { + error_report("%s: Failed to get proxies: %s", __func__, err->message); + return -1; + } + + m = g_memory_output_stream_new_resizable(); + s = g_data_output_stream_new(m); + g_data_output_stream_set_byte_order(s, G_DATA_STREAM_BYTE_ORDER_BIG_ENDIAN); + + if (!g_data_output_stream_put_uint32(s, g_hash_table_size(proxies), + NULL, &err)) { + error_report("%s: Failed to write to stream: %s", + __func__, err->message); + return -1; + } + + g_hash_table_foreach(proxies, dbus_save_state_proxy, s); + + if (g_memory_output_stream_get_size(G_MEMORY_OUTPUT_STREAM(m)) + > UINT32_MAX) { + error_report("%s: DBus vmstate buffer is too large", __func__); + return -1; + } + + if (!g_output_stream_close(G_OUTPUT_STREAM(m), NULL, &err)) { + error_report("%s: Failed to close stream: %s", __func__, err->message); + return -1; + } + + g_free(self->data); + self->data_size = + g_memory_output_stream_get_size(G_MEMORY_OUTPUT_STREAM(m)); + self->data = + g_memory_output_stream_steal_data(G_MEMORY_OUTPUT_STREAM(m)); + + return 0; +} + +static const VMStateDescription dbus_vmstate = { + .name = TYPE_DBUS_VMSTATE, + .version_id = 0, + .pre_save = dbus_vmstate_pre_save, + .post_load = dbus_vmstate_post_load, + .fields = (VMStateField[]) { + VMSTATE_UINT32(data_size, DBusVMState), + VMSTATE_VBUFFER_ALLOC_UINT32(data, DBusVMState, 0, 0, data_size), + VMSTATE_END_OF_LIST() + } +}; + +static void +dbus_vmstate_complete(UserCreatable *uc, Error **errp) +{ + DBusVMState *self = DBUS_VMSTATE(uc); + g_autoptr(GError) err = NULL; + + if (!object_resolve_path_type("", TYPE_DBUS_VMSTATE, NULL)) { + error_setg(errp, "There is already an instance of %s", + TYPE_DBUS_VMSTATE); + return; + } + + if (!self->dbus_addr) { + error_setg(errp, QERR_MISSING_PARAMETER, "addr"); + return; + } + + self->bus = g_dbus_connection_new_for_address_sync(self->dbus_addr, + G_DBUS_CONNECTION_FLAGS_AUTHENTICATION_CLIENT | + G_DBUS_CONNECTION_FLAGS_MESSAGE_BUS_CONNECTION, + NULL, NULL, &err); + if (err) { + error_setg(errp, "failed to connect to DBus: '%s'", err->message); + return; + } + + if (vmstate_register(VMSTATE_IF(self), VMSTATE_INSTANCE_ID_ANY, + &dbus_vmstate, self) < 0) { + error_setg(errp, "Failed to register vmstate"); + } +} + +static void +dbus_vmstate_finalize(Object *o) +{ + DBusVMState *self = DBUS_VMSTATE(o); + + vmstate_unregister(VMSTATE_IF(self), &dbus_vmstate, self); + + g_clear_object(&self->bus); + g_free(self->dbus_addr); + g_free(self->id_list); + g_free(self->data); +} + +static char * +get_dbus_addr(Object *o, Error **errp) +{ + DBusVMState *self = DBUS_VMSTATE(o); + + return g_strdup(self->dbus_addr); +} + +static void +set_dbus_addr(Object *o, const char *str, Error **errp) +{ + DBusVMState *self = DBUS_VMSTATE(o); + + g_free(self->dbus_addr); + self->dbus_addr = g_strdup(str); +} + +static char * +get_id_list(Object *o, Error **errp) +{ + DBusVMState *self = DBUS_VMSTATE(o); + + return g_strdup(self->id_list); +} + +static void +set_id_list(Object *o, const char *str, Error **errp) +{ + DBusVMState *self = DBUS_VMSTATE(o); + + g_free(self->id_list); + self->id_list = g_strdup(str); +} + +static char * +dbus_vmstate_get_id(VMStateIf *vmif) +{ + return g_strdup(TYPE_DBUS_VMSTATE); +} + +static void +dbus_vmstate_class_init(ObjectClass *oc, void *data) +{ + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); + VMStateIfClass *vc = VMSTATE_IF_CLASS(oc); + + ucc->complete = dbus_vmstate_complete; + vc->get_id = dbus_vmstate_get_id; + + object_class_property_add_str(oc, "addr", + get_dbus_addr, set_dbus_addr); + object_class_property_add_str(oc, "id-list", + get_id_list, set_id_list); +} + +static const TypeInfo dbus_vmstate_info = { + .name = TYPE_DBUS_VMSTATE, + .parent = TYPE_OBJECT, + .instance_size = sizeof(DBusVMState), + .instance_finalize = dbus_vmstate_finalize, + .class_init = dbus_vmstate_class_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { TYPE_VMSTATE_IF }, + { } + } +}; + +static void +register_types(void) +{ + type_register_static(&dbus_vmstate_info); +} + +type_init(register_types); diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c new file mode 100644 index 000000000..b47f98b6a --- /dev/null +++ b/backends/hostmem-epc.c @@ -0,0 +1,82 @@ +/* + * QEMU host SGX EPC memory backend + * + * Copyright (C) 2019 Intel Corporation + * + * Authors: + * Sean Christopherson <sean.j.christopherson@intel.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#include <sys/ioctl.h> + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qom/object_interfaces.h" +#include "qapi/error.h" +#include "sysemu/hostmem.h" +#include "hw/i386/hostmem-epc.h" + +static void +sgx_epc_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) +{ + uint32_t ram_flags; + char *name; + int fd; + + if (!backend->size) { + error_setg(errp, "can't create backend with size 0"); + return; + } + + fd = qemu_open_old("/dev/sgx_vepc", O_RDWR); + if (fd < 0) { + error_setg_errno(errp, errno, + "failed to open /dev/sgx_vepc to alloc SGX EPC"); + return; + } + + name = object_get_canonical_path(OBJECT(backend)); + ram_flags = (backend->share ? RAM_SHARED : 0) | RAM_PROTECTED; + memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), + name, backend->size, ram_flags, + fd, 0, errp); + g_free(name); +} + +static void sgx_epc_backend_instance_init(Object *obj) +{ + HostMemoryBackend *m = MEMORY_BACKEND(obj); + + m->share = true; + m->merge = false; + m->dump = false; +} + +static void sgx_epc_backend_class_init(ObjectClass *oc, void *data) +{ + HostMemoryBackendClass *bc = MEMORY_BACKEND_CLASS(oc); + + bc->alloc = sgx_epc_backend_memory_alloc; +} + +static const TypeInfo sgx_epc_backed_info = { + .name = TYPE_MEMORY_BACKEND_EPC, + .parent = TYPE_MEMORY_BACKEND, + .instance_init = sgx_epc_backend_instance_init, + .class_init = sgx_epc_backend_class_init, + .instance_size = sizeof(HostMemoryBackendEpc), +}; + +static void register_types(void) +{ + int fd = qemu_open_old("/dev/sgx_vepc", O_RDWR); + if (fd >= 0) { + close(fd); + + type_register_static(&sgx_epc_backed_info); + } +} + +type_init(register_types); diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c new file mode 100644 index 000000000..cd038024f --- /dev/null +++ b/backends/hostmem-file.c @@ -0,0 +1,228 @@ +/* + * QEMU Host Memory Backend for hugetlbfs + * + * Copyright (C) 2013-2014 Red Hat Inc + * + * Authors: + * Paolo Bonzini <pbonzini@redhat.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qemu/error-report.h" +#include "qemu/module.h" +#include "sysemu/hostmem.h" +#include "qom/object_interfaces.h" +#include "qom/object.h" + +OBJECT_DECLARE_SIMPLE_TYPE(HostMemoryBackendFile, MEMORY_BACKEND_FILE) + + +struct HostMemoryBackendFile { + HostMemoryBackend parent_obj; + + char *mem_path; + uint64_t align; + bool discard_data; + bool is_pmem; + bool readonly; +}; + +static void +file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) +{ +#ifndef CONFIG_POSIX + error_setg(errp, "backend '%s' not supported on this host", + object_get_typename(OBJECT(backend))); +#else + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(backend); + uint32_t ram_flags; + gchar *name; + + if (!backend->size) { + error_setg(errp, "can't create backend with size 0"); + return; + } + if (!fb->mem_path) { + error_setg(errp, "mem-path property not set"); + return; + } + + name = host_memory_backend_get_name(backend); + ram_flags = backend->share ? RAM_SHARED : 0; + ram_flags |= backend->reserve ? 0 : RAM_NORESERVE; + ram_flags |= fb->is_pmem ? RAM_PMEM : 0; + memory_region_init_ram_from_file(&backend->mr, OBJECT(backend), name, + backend->size, fb->align, ram_flags, + fb->mem_path, fb->readonly, errp); + g_free(name); +#endif +} + +static char *get_mem_path(Object *o, Error **errp) +{ + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(o); + + return g_strdup(fb->mem_path); +} + +static void set_mem_path(Object *o, const char *str, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(o); + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(o); + + if (host_memory_backend_mr_inited(backend)) { + error_setg(errp, "cannot change property 'mem-path' of %s", + object_get_typename(o)); + return; + } + g_free(fb->mem_path); + fb->mem_path = g_strdup(str); +} + +static bool file_memory_backend_get_discard_data(Object *o, Error **errp) +{ + return MEMORY_BACKEND_FILE(o)->discard_data; +} + +static void file_memory_backend_set_discard_data(Object *o, bool value, + Error **errp) +{ + MEMORY_BACKEND_FILE(o)->discard_data = value; +} + +static void file_memory_backend_get_align(Object *o, Visitor *v, + const char *name, void *opaque, + Error **errp) +{ + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(o); + uint64_t val = fb->align; + + visit_type_size(v, name, &val, errp); +} + +static void file_memory_backend_set_align(Object *o, Visitor *v, + const char *name, void *opaque, + Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(o); + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(o); + uint64_t val; + + if (host_memory_backend_mr_inited(backend)) { + error_setg(errp, "cannot change property '%s' of %s", name, + object_get_typename(o)); + return; + } + + if (!visit_type_size(v, name, &val, errp)) { + return; + } + fb->align = val; +} + +#ifdef CONFIG_LIBPMEM +static bool file_memory_backend_get_pmem(Object *o, Error **errp) +{ + return MEMORY_BACKEND_FILE(o)->is_pmem; +} + +static void file_memory_backend_set_pmem(Object *o, bool value, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(o); + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(o); + + if (host_memory_backend_mr_inited(backend)) { + error_setg(errp, "cannot change property 'pmem' of %s.", + object_get_typename(o)); + return; + } + + fb->is_pmem = value; +} +#endif /* CONFIG_LIBPMEM */ + +static bool file_memory_backend_get_readonly(Object *obj, Error **errp) +{ + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(obj); + + return fb->readonly; +} + +static void file_memory_backend_set_readonly(Object *obj, bool value, + Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(obj); + + if (host_memory_backend_mr_inited(backend)) { + error_setg(errp, "cannot change property 'readonly' of %s.", + object_get_typename(obj)); + return; + } + + fb->readonly = value; +} + +static void file_backend_unparent(Object *obj) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(obj); + + if (host_memory_backend_mr_inited(backend) && fb->discard_data) { + void *ptr = memory_region_get_ram_ptr(&backend->mr); + uint64_t sz = memory_region_size(&backend->mr); + + qemu_madvise(ptr, sz, QEMU_MADV_REMOVE); + } +} + +static void +file_backend_class_init(ObjectClass *oc, void *data) +{ + HostMemoryBackendClass *bc = MEMORY_BACKEND_CLASS(oc); + + bc->alloc = file_backend_memory_alloc; + oc->unparent = file_backend_unparent; + + object_class_property_add_bool(oc, "discard-data", + file_memory_backend_get_discard_data, file_memory_backend_set_discard_data); + object_class_property_add_str(oc, "mem-path", + get_mem_path, set_mem_path); + object_class_property_add(oc, "align", "int", + file_memory_backend_get_align, + file_memory_backend_set_align, + NULL, NULL); +#ifdef CONFIG_LIBPMEM + object_class_property_add_bool(oc, "pmem", + file_memory_backend_get_pmem, file_memory_backend_set_pmem); +#endif + object_class_property_add_bool(oc, "readonly", + file_memory_backend_get_readonly, + file_memory_backend_set_readonly); +} + +static void file_backend_instance_finalize(Object *o) +{ + HostMemoryBackendFile *fb = MEMORY_BACKEND_FILE(o); + + g_free(fb->mem_path); +} + +static const TypeInfo file_backend_info = { + .name = TYPE_MEMORY_BACKEND_FILE, + .parent = TYPE_MEMORY_BACKEND, + .class_init = file_backend_class_init, + .instance_finalize = file_backend_instance_finalize, + .instance_size = sizeof(HostMemoryBackendFile), +}; + +static void register_types(void) +{ + type_register_static(&file_backend_info); +} + +type_init(register_types); diff --git a/backends/hostmem-memfd.c b/backends/hostmem-memfd.c new file mode 100644 index 000000000..3fc85c3db --- /dev/null +++ b/backends/hostmem-memfd.c @@ -0,0 +1,172 @@ +/* + * QEMU host memfd memory backend + * + * Copyright (C) 2018 Red Hat Inc + * + * Authors: + * Marc-André Lureau <marcandre.lureau@redhat.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "sysemu/hostmem.h" +#include "qom/object_interfaces.h" +#include "qemu/memfd.h" +#include "qemu/module.h" +#include "qapi/error.h" +#include "qom/object.h" + +#define TYPE_MEMORY_BACKEND_MEMFD "memory-backend-memfd" + +OBJECT_DECLARE_SIMPLE_TYPE(HostMemoryBackendMemfd, MEMORY_BACKEND_MEMFD) + + +struct HostMemoryBackendMemfd { + HostMemoryBackend parent_obj; + + bool hugetlb; + uint64_t hugetlbsize; + bool seal; +}; + +static void +memfd_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) +{ + HostMemoryBackendMemfd *m = MEMORY_BACKEND_MEMFD(backend); + uint32_t ram_flags; + char *name; + int fd; + + if (!backend->size) { + error_setg(errp, "can't create backend with size 0"); + return; + } + + fd = qemu_memfd_create(TYPE_MEMORY_BACKEND_MEMFD, backend->size, + m->hugetlb, m->hugetlbsize, m->seal ? + F_SEAL_GROW | F_SEAL_SHRINK | F_SEAL_SEAL : 0, + errp); + if (fd == -1) { + return; + } + + name = host_memory_backend_get_name(backend); + ram_flags = backend->share ? RAM_SHARED : 0; + ram_flags |= backend->reserve ? 0 : RAM_NORESERVE; + memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), name, + backend->size, ram_flags, fd, 0, errp); + g_free(name); +} + +static bool +memfd_backend_get_hugetlb(Object *o, Error **errp) +{ + return MEMORY_BACKEND_MEMFD(o)->hugetlb; +} + +static void +memfd_backend_set_hugetlb(Object *o, bool value, Error **errp) +{ + MEMORY_BACKEND_MEMFD(o)->hugetlb = value; +} + +static void +memfd_backend_set_hugetlbsize(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + HostMemoryBackendMemfd *m = MEMORY_BACKEND_MEMFD(obj); + uint64_t value; + + if (host_memory_backend_mr_inited(MEMORY_BACKEND(obj))) { + error_setg(errp, "cannot change property value"); + return; + } + + if (!visit_type_size(v, name, &value, errp)) { + return; + } + if (!value) { + error_setg(errp, "Property '%s.%s' doesn't take value '%" PRIu64 "'", + object_get_typename(obj), name, value); + return; + } + m->hugetlbsize = value; +} + +static void +memfd_backend_get_hugetlbsize(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + HostMemoryBackendMemfd *m = MEMORY_BACKEND_MEMFD(obj); + uint64_t value = m->hugetlbsize; + + visit_type_size(v, name, &value, errp); +} + +static bool +memfd_backend_get_seal(Object *o, Error **errp) +{ + return MEMORY_BACKEND_MEMFD(o)->seal; +} + +static void +memfd_backend_set_seal(Object *o, bool value, Error **errp) +{ + MEMORY_BACKEND_MEMFD(o)->seal = value; +} + +static void +memfd_backend_instance_init(Object *obj) +{ + HostMemoryBackendMemfd *m = MEMORY_BACKEND_MEMFD(obj); + + /* default to sealed file */ + m->seal = true; + MEMORY_BACKEND(m)->share = true; +} + +static void +memfd_backend_class_init(ObjectClass *oc, void *data) +{ + HostMemoryBackendClass *bc = MEMORY_BACKEND_CLASS(oc); + + bc->alloc = memfd_backend_memory_alloc; + + if (qemu_memfd_check(MFD_HUGETLB)) { + object_class_property_add_bool(oc, "hugetlb", + memfd_backend_get_hugetlb, + memfd_backend_set_hugetlb); + object_class_property_set_description(oc, "hugetlb", + "Use huge pages"); + object_class_property_add(oc, "hugetlbsize", "int", + memfd_backend_get_hugetlbsize, + memfd_backend_set_hugetlbsize, + NULL, NULL); + object_class_property_set_description(oc, "hugetlbsize", + "Huge pages size (ex: 2M, 1G)"); + } + object_class_property_add_bool(oc, "seal", + memfd_backend_get_seal, + memfd_backend_set_seal); + object_class_property_set_description(oc, "seal", + "Seal growing & shrinking"); +} + +static const TypeInfo memfd_backend_info = { + .name = TYPE_MEMORY_BACKEND_MEMFD, + .parent = TYPE_MEMORY_BACKEND, + .instance_init = memfd_backend_instance_init, + .class_init = memfd_backend_class_init, + .instance_size = sizeof(HostMemoryBackendMemfd), +}; + +static void register_types(void) +{ + if (qemu_memfd_check(MFD_ALLOW_SEALING)) { + type_register_static(&memfd_backend_info); + } +} + +type_init(register_types); diff --git a/backends/hostmem-ram.c b/backends/hostmem-ram.c new file mode 100644 index 000000000..b8e55cdbd --- /dev/null +++ b/backends/hostmem-ram.c @@ -0,0 +1,57 @@ +/* + * QEMU Host Memory Backend + * + * Copyright (C) 2013-2014 Red Hat Inc + * + * Authors: + * Igor Mammedov <imammedo@redhat.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "sysemu/hostmem.h" +#include "qapi/error.h" +#include "qemu/module.h" +#include "qom/object_interfaces.h" + +static void +ram_backend_memory_alloc(HostMemoryBackend *backend, Error **errp) +{ + uint32_t ram_flags; + char *name; + + if (!backend->size) { + error_setg(errp, "can't create backend with size 0"); + return; + } + + name = host_memory_backend_get_name(backend); + ram_flags = backend->share ? RAM_SHARED : 0; + ram_flags |= backend->reserve ? 0 : RAM_NORESERVE; + memory_region_init_ram_flags_nomigrate(&backend->mr, OBJECT(backend), name, + backend->size, ram_flags, errp); + g_free(name); +} + +static void +ram_backend_class_init(ObjectClass *oc, void *data) +{ + HostMemoryBackendClass *bc = MEMORY_BACKEND_CLASS(oc); + + bc->alloc = ram_backend_memory_alloc; +} + +static const TypeInfo ram_backend_info = { + .name = TYPE_MEMORY_BACKEND_RAM, + .parent = TYPE_MEMORY_BACKEND, + .class_init = ram_backend_class_init, +}; + +static void register_types(void) +{ + type_register_static(&ram_backend_info); +} + +type_init(register_types); diff --git a/backends/hostmem.c b/backends/hostmem.c new file mode 100644 index 000000000..4c05862ed --- /dev/null +++ b/backends/hostmem.c @@ -0,0 +1,567 @@ +/* + * QEMU Host Memory Backend + * + * Copyright (C) 2013-2014 Red Hat Inc + * + * Authors: + * Igor Mammedov <imammedo@redhat.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "sysemu/hostmem.h" +#include "hw/boards.h" +#include "qapi/error.h" +#include "qapi/qapi-builtin-visit.h" +#include "qapi/visitor.h" +#include "qemu/config-file.h" +#include "qom/object_interfaces.h" +#include "qemu/mmap-alloc.h" + +#ifdef CONFIG_NUMA +#include <numaif.h> +QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_DEFAULT != MPOL_DEFAULT); +QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_PREFERRED != MPOL_PREFERRED); +QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_BIND != MPOL_BIND); +QEMU_BUILD_BUG_ON(HOST_MEM_POLICY_INTERLEAVE != MPOL_INTERLEAVE); +#endif + +char * +host_memory_backend_get_name(HostMemoryBackend *backend) +{ + if (!backend->use_canonical_path) { + return g_strdup(object_get_canonical_path_component(OBJECT(backend))); + } + + return object_get_canonical_path(OBJECT(backend)); +} + +static void +host_memory_backend_get_size(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + uint64_t value = backend->size; + + visit_type_size(v, name, &value, errp); +} + +static void +host_memory_backend_set_size(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + uint64_t value; + + if (host_memory_backend_mr_inited(backend)) { + error_setg(errp, "cannot change property %s of %s ", name, + object_get_typename(obj)); + return; + } + + if (!visit_type_size(v, name, &value, errp)) { + return; + } + if (!value) { + error_setg(errp, + "property '%s' of %s doesn't take value '%" PRIu64 "'", + name, object_get_typename(obj), value); + return; + } + backend->size = value; +} + +static void +host_memory_backend_get_host_nodes(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + uint16List *host_nodes = NULL; + uint16List **tail = &host_nodes; + unsigned long value; + + value = find_first_bit(backend->host_nodes, MAX_NODES); + if (value == MAX_NODES) { + goto ret; + } + + QAPI_LIST_APPEND(tail, value); + + do { + value = find_next_bit(backend->host_nodes, MAX_NODES, value + 1); + if (value == MAX_NODES) { + break; + } + + QAPI_LIST_APPEND(tail, value); + } while (true); + +ret: + visit_type_uint16List(v, name, &host_nodes, errp); + qapi_free_uint16List(host_nodes); +} + +static void +host_memory_backend_set_host_nodes(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ +#ifdef CONFIG_NUMA + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + uint16List *l, *host_nodes = NULL; + + visit_type_uint16List(v, name, &host_nodes, errp); + + for (l = host_nodes; l; l = l->next) { + if (l->value >= MAX_NODES) { + error_setg(errp, "Invalid host-nodes value: %d", l->value); + goto out; + } + } + + for (l = host_nodes; l; l = l->next) { + bitmap_set(backend->host_nodes, l->value, 1); + } + +out: + qapi_free_uint16List(host_nodes); +#else + error_setg(errp, "NUMA node binding are not supported by this QEMU"); +#endif +} + +static int +host_memory_backend_get_policy(Object *obj, Error **errp G_GNUC_UNUSED) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + return backend->policy; +} + +static void +host_memory_backend_set_policy(Object *obj, int policy, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + backend->policy = policy; + +#ifndef CONFIG_NUMA + if (policy != HOST_MEM_POLICY_DEFAULT) { + error_setg(errp, "NUMA policies are not supported by this QEMU"); + } +#endif +} + +static bool host_memory_backend_get_merge(Object *obj, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + return backend->merge; +} + +static void host_memory_backend_set_merge(Object *obj, bool value, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + if (!host_memory_backend_mr_inited(backend)) { + backend->merge = value; + return; + } + + if (value != backend->merge) { + void *ptr = memory_region_get_ram_ptr(&backend->mr); + uint64_t sz = memory_region_size(&backend->mr); + + qemu_madvise(ptr, sz, + value ? QEMU_MADV_MERGEABLE : QEMU_MADV_UNMERGEABLE); + backend->merge = value; + } +} + +static bool host_memory_backend_get_dump(Object *obj, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + return backend->dump; +} + +static void host_memory_backend_set_dump(Object *obj, bool value, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + if (!host_memory_backend_mr_inited(backend)) { + backend->dump = value; + return; + } + + if (value != backend->dump) { + void *ptr = memory_region_get_ram_ptr(&backend->mr); + uint64_t sz = memory_region_size(&backend->mr); + + qemu_madvise(ptr, sz, + value ? QEMU_MADV_DODUMP : QEMU_MADV_DONTDUMP); + backend->dump = value; + } +} + +static bool host_memory_backend_get_prealloc(Object *obj, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + return backend->prealloc; +} + +static void host_memory_backend_set_prealloc(Object *obj, bool value, + Error **errp) +{ + Error *local_err = NULL; + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + if (!backend->reserve && value) { + error_setg(errp, "'prealloc=on' and 'reserve=off' are incompatible"); + return; + } + + if (!host_memory_backend_mr_inited(backend)) { + backend->prealloc = value; + return; + } + + if (value && !backend->prealloc) { + int fd = memory_region_get_fd(&backend->mr); + void *ptr = memory_region_get_ram_ptr(&backend->mr); + uint64_t sz = memory_region_size(&backend->mr); + + os_mem_prealloc(fd, ptr, sz, backend->prealloc_threads, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + backend->prealloc = true; + } +} + +static void host_memory_backend_get_prealloc_threads(Object *obj, Visitor *v, + const char *name, void *opaque, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + visit_type_uint32(v, name, &backend->prealloc_threads, errp); +} + +static void host_memory_backend_set_prealloc_threads(Object *obj, Visitor *v, + const char *name, void *opaque, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + uint32_t value; + + if (!visit_type_uint32(v, name, &value, errp)) { + return; + } + if (value <= 0) { + error_setg(errp, "property '%s' of %s doesn't take value '%d'", name, + object_get_typename(obj), value); + return; + } + backend->prealloc_threads = value; +} + +static void host_memory_backend_init(Object *obj) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + MachineState *machine = MACHINE(qdev_get_machine()); + + /* TODO: convert access to globals to compat properties */ + backend->merge = machine_mem_merge(machine); + backend->dump = machine_dump_guest_core(machine); + backend->reserve = true; + backend->prealloc_threads = 1; +} + +static void host_memory_backend_post_init(Object *obj) +{ + object_apply_compat_props(obj); +} + +bool host_memory_backend_mr_inited(HostMemoryBackend *backend) +{ + /* + * NOTE: We forbid zero-length memory backend, so here zero means + * "we haven't inited the backend memory region yet". + */ + return memory_region_size(&backend->mr) != 0; +} + +MemoryRegion *host_memory_backend_get_memory(HostMemoryBackend *backend) +{ + return host_memory_backend_mr_inited(backend) ? &backend->mr : NULL; +} + +void host_memory_backend_set_mapped(HostMemoryBackend *backend, bool mapped) +{ + backend->is_mapped = mapped; +} + +bool host_memory_backend_is_mapped(HostMemoryBackend *backend) +{ + return backend->is_mapped; +} + +#ifdef __linux__ +size_t host_memory_backend_pagesize(HostMemoryBackend *memdev) +{ + Object *obj = OBJECT(memdev); + char *path = object_property_get_str(obj, "mem-path", NULL); + size_t pagesize = qemu_mempath_getpagesize(path); + + g_free(path); + return pagesize; +} +#else +size_t host_memory_backend_pagesize(HostMemoryBackend *memdev) +{ + return qemu_real_host_page_size; +} +#endif + +static void +host_memory_backend_memory_complete(UserCreatable *uc, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(uc); + HostMemoryBackendClass *bc = MEMORY_BACKEND_GET_CLASS(uc); + Error *local_err = NULL; + void *ptr; + uint64_t sz; + + if (bc->alloc) { + bc->alloc(backend, &local_err); + if (local_err) { + goto out; + } + + ptr = memory_region_get_ram_ptr(&backend->mr); + sz = memory_region_size(&backend->mr); + + if (backend->merge) { + qemu_madvise(ptr, sz, QEMU_MADV_MERGEABLE); + } + if (!backend->dump) { + qemu_madvise(ptr, sz, QEMU_MADV_DONTDUMP); + } +#ifdef CONFIG_NUMA + unsigned long lastbit = find_last_bit(backend->host_nodes, MAX_NODES); + /* lastbit == MAX_NODES means maxnode = 0 */ + unsigned long maxnode = (lastbit + 1) % (MAX_NODES + 1); + /* ensure policy won't be ignored in case memory is preallocated + * before mbind(). note: MPOL_MF_STRICT is ignored on hugepages so + * this doesn't catch hugepage case. */ + unsigned flags = MPOL_MF_STRICT | MPOL_MF_MOVE; + + /* check for invalid host-nodes and policies and give more verbose + * error messages than mbind(). */ + if (maxnode && backend->policy == MPOL_DEFAULT) { + error_setg(errp, "host-nodes must be empty for policy default," + " or you should explicitly specify a policy other" + " than default"); + return; + } else if (maxnode == 0 && backend->policy != MPOL_DEFAULT) { + error_setg(errp, "host-nodes must be set for policy %s", + HostMemPolicy_str(backend->policy)); + return; + } + + /* We can have up to MAX_NODES nodes, but we need to pass maxnode+1 + * as argument to mbind() due to an old Linux bug (feature?) which + * cuts off the last specified node. This means backend->host_nodes + * must have MAX_NODES+1 bits available. + */ + assert(sizeof(backend->host_nodes) >= + BITS_TO_LONGS(MAX_NODES + 1) * sizeof(unsigned long)); + assert(maxnode <= MAX_NODES); + + if (maxnode && + mbind(ptr, sz, backend->policy, backend->host_nodes, maxnode + 1, + flags)) { + if (backend->policy != MPOL_DEFAULT || errno != ENOSYS) { + error_setg_errno(errp, errno, + "cannot bind memory to host NUMA nodes"); + return; + } + } +#endif + /* Preallocate memory after the NUMA policy has been instantiated. + * This is necessary to guarantee memory is allocated with + * specified NUMA policy in place. + */ + if (backend->prealloc) { + os_mem_prealloc(memory_region_get_fd(&backend->mr), ptr, sz, + backend->prealloc_threads, &local_err); + if (local_err) { + goto out; + } + } + } +out: + error_propagate(errp, local_err); +} + +static bool +host_memory_backend_can_be_deleted(UserCreatable *uc) +{ + if (host_memory_backend_is_mapped(MEMORY_BACKEND(uc))) { + return false; + } else { + return true; + } +} + +static bool host_memory_backend_get_share(Object *o, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(o); + + return backend->share; +} + +static void host_memory_backend_set_share(Object *o, bool value, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(o); + + if (host_memory_backend_mr_inited(backend)) { + error_setg(errp, "cannot change property value"); + return; + } + backend->share = value; +} + +#ifdef CONFIG_LINUX +static bool host_memory_backend_get_reserve(Object *o, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(o); + + return backend->reserve; +} + +static void host_memory_backend_set_reserve(Object *o, bool value, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(o); + + if (host_memory_backend_mr_inited(backend)) { + error_setg(errp, "cannot change property value"); + return; + } + if (backend->prealloc && !value) { + error_setg(errp, "'prealloc=on' and 'reserve=off' are incompatible"); + return; + } + backend->reserve = value; +} +#endif /* CONFIG_LINUX */ + +static bool +host_memory_backend_get_use_canonical_path(Object *obj, Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + return backend->use_canonical_path; +} + +static void +host_memory_backend_set_use_canonical_path(Object *obj, bool value, + Error **errp) +{ + HostMemoryBackend *backend = MEMORY_BACKEND(obj); + + backend->use_canonical_path = value; +} + +static void +host_memory_backend_class_init(ObjectClass *oc, void *data) +{ + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); + + ucc->complete = host_memory_backend_memory_complete; + ucc->can_be_deleted = host_memory_backend_can_be_deleted; + + object_class_property_add_bool(oc, "merge", + host_memory_backend_get_merge, + host_memory_backend_set_merge); + object_class_property_set_description(oc, "merge", + "Mark memory as mergeable"); + object_class_property_add_bool(oc, "dump", + host_memory_backend_get_dump, + host_memory_backend_set_dump); + object_class_property_set_description(oc, "dump", + "Set to 'off' to exclude from core dump"); + object_class_property_add_bool(oc, "prealloc", + host_memory_backend_get_prealloc, + host_memory_backend_set_prealloc); + object_class_property_set_description(oc, "prealloc", + "Preallocate memory"); + object_class_property_add(oc, "prealloc-threads", "int", + host_memory_backend_get_prealloc_threads, + host_memory_backend_set_prealloc_threads, + NULL, NULL); + object_class_property_set_description(oc, "prealloc-threads", + "Number of CPU threads to use for prealloc"); + object_class_property_add(oc, "size", "int", + host_memory_backend_get_size, + host_memory_backend_set_size, + NULL, NULL); + object_class_property_set_description(oc, "size", + "Size of the memory region (ex: 500M)"); + object_class_property_add(oc, "host-nodes", "int", + host_memory_backend_get_host_nodes, + host_memory_backend_set_host_nodes, + NULL, NULL); + object_class_property_set_description(oc, "host-nodes", + "Binds memory to the list of NUMA host nodes"); + object_class_property_add_enum(oc, "policy", "HostMemPolicy", + &HostMemPolicy_lookup, + host_memory_backend_get_policy, + host_memory_backend_set_policy); + object_class_property_set_description(oc, "policy", + "Set the NUMA policy"); + object_class_property_add_bool(oc, "share", + host_memory_backend_get_share, host_memory_backend_set_share); + object_class_property_set_description(oc, "share", + "Mark the memory as private to QEMU or shared"); +#ifdef CONFIG_LINUX + object_class_property_add_bool(oc, "reserve", + host_memory_backend_get_reserve, host_memory_backend_set_reserve); + object_class_property_set_description(oc, "reserve", + "Reserve swap space (or huge pages) if applicable"); +#endif /* CONFIG_LINUX */ + /* + * Do not delete/rename option. This option must be considered stable + * (as if it didn't have the 'x-' prefix including deprecation period) as + * long as 4.0 and older machine types exists. + * Option will be used by upper layers to override (disable) canonical path + * for ramblock-id set by compat properties on old machine types ( <= 4.0), + * to keep migration working when backend is used for main RAM with + * -machine memory-backend= option (main RAM historically used prefix-less + * ramblock-id). + */ + object_class_property_add_bool(oc, "x-use-canonical-path-for-ramblock-id", + host_memory_backend_get_use_canonical_path, + host_memory_backend_set_use_canonical_path); +} + +static const TypeInfo host_memory_backend_info = { + .name = TYPE_MEMORY_BACKEND, + .parent = TYPE_OBJECT, + .abstract = true, + .class_size = sizeof(HostMemoryBackendClass), + .class_init = host_memory_backend_class_init, + .instance_size = sizeof(HostMemoryBackend), + .instance_init = host_memory_backend_init, + .instance_post_init = host_memory_backend_post_init, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void register_types(void) +{ + type_register_static(&host_memory_backend_info); +} + +type_init(register_types); diff --git a/backends/meson.build b/backends/meson.build new file mode 100644 index 000000000..6e6894552 --- /dev/null +++ b/backends/meson.build @@ -0,0 +1,21 @@ +softmmu_ss.add([files( + 'cryptodev-builtin.c', + 'cryptodev.c', + 'hostmem-ram.c', + 'hostmem.c', + 'rng-builtin.c', + 'rng-egd.c', + 'rng.c', + 'confidential-guest-support.c', +), numa]) + +softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files('rng-random.c')) +softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files('hostmem-file.c')) +softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('hostmem-memfd.c')) +softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO'], if_true: files('vhost-user.c')) +softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vhost.c')) +softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_true: files('cryptodev-vhost-user.c')) +softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio]) +softmmu_ss.add(when: 'CONFIG_SGX', if_true: files('hostmem-epc.c')) + +subdir('tpm') diff --git a/backends/rng-builtin.c b/backends/rng-builtin.c new file mode 100644 index 000000000..f367eb665 --- /dev/null +++ b/backends/rng-builtin.c @@ -0,0 +1,79 @@ +/* + * QEMU Builtin Random Number Generator Backend + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "sysemu/rng.h" +#include "qemu/main-loop.h" +#include "qemu/guest-random.h" +#include "qom/object.h" +#include "sysemu/replay.h" + +OBJECT_DECLARE_SIMPLE_TYPE(RngBuiltin, RNG_BUILTIN) + +struct RngBuiltin { + RngBackend parent; + QEMUBH *bh; +}; + +static void rng_builtin_receive_entropy_bh(void *opaque) +{ + RngBuiltin *s = opaque; + + while (!QSIMPLEQ_EMPTY(&s->parent.requests)) { + RngRequest *req = QSIMPLEQ_FIRST(&s->parent.requests); + + qemu_guest_getrandom_nofail(req->data, req->size); + + req->receive_entropy(req->opaque, req->data, req->size); + + rng_backend_finalize_request(&s->parent, req); + } +} + +static void rng_builtin_request_entropy(RngBackend *b, RngRequest *req) +{ + RngBuiltin *s = RNG_BUILTIN(b); + + replay_bh_schedule_event(s->bh); +} + +static void rng_builtin_init(Object *obj) +{ + RngBuiltin *s = RNG_BUILTIN(obj); + + s->bh = qemu_bh_new(rng_builtin_receive_entropy_bh, s); +} + +static void rng_builtin_finalize(Object *obj) +{ + RngBuiltin *s = RNG_BUILTIN(obj); + + qemu_bh_delete(s->bh); +} + +static void rng_builtin_class_init(ObjectClass *klass, void *data) +{ + RngBackendClass *rbc = RNG_BACKEND_CLASS(klass); + + rbc->request_entropy = rng_builtin_request_entropy; +} + +static const TypeInfo rng_builtin_info = { + .name = TYPE_RNG_BUILTIN, + .parent = TYPE_RNG_BACKEND, + .instance_size = sizeof(RngBuiltin), + .instance_init = rng_builtin_init, + .instance_finalize = rng_builtin_finalize, + .class_init = rng_builtin_class_init, +}; + +static void register_types(void) +{ + type_register_static(&rng_builtin_info); +} + +type_init(register_types); diff --git a/backends/rng-egd.c b/backends/rng-egd.c new file mode 100644 index 000000000..4de142b9d --- /dev/null +++ b/backends/rng-egd.c @@ -0,0 +1,169 @@ +/* + * QEMU Random Number Generator Backend + * + * Copyright IBM, Corp. 2012 + * + * Authors: + * Anthony Liguori <aliguori@us.ibm.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "sysemu/rng.h" +#include "chardev/char-fe.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/module.h" +#include "qom/object.h" + +#define TYPE_RNG_EGD "rng-egd" +OBJECT_DECLARE_SIMPLE_TYPE(RngEgd, RNG_EGD) + +struct RngEgd { + RngBackend parent; + + CharBackend chr; + char *chr_name; +}; + +static void rng_egd_request_entropy(RngBackend *b, RngRequest *req) +{ + RngEgd *s = RNG_EGD(b); + size_t size = req->size; + + while (size > 0) { + uint8_t header[2]; + uint8_t len = MIN(size, 255); + + /* synchronous entropy request */ + header[0] = 0x02; + header[1] = len; + + /* XXX this blocks entire thread. Rewrite to use + * qemu_chr_fe_write and background I/O callbacks */ + qemu_chr_fe_write_all(&s->chr, header, sizeof(header)); + + size -= len; + } +} + +static int rng_egd_chr_can_read(void *opaque) +{ + RngEgd *s = RNG_EGD(opaque); + RngRequest *req; + int size = 0; + + QSIMPLEQ_FOREACH(req, &s->parent.requests, next) { + size += req->size - req->offset; + } + + return size; +} + +static void rng_egd_chr_read(void *opaque, const uint8_t *buf, int size) +{ + RngEgd *s = RNG_EGD(opaque); + size_t buf_offset = 0; + + while (size > 0 && !QSIMPLEQ_EMPTY(&s->parent.requests)) { + RngRequest *req = QSIMPLEQ_FIRST(&s->parent.requests); + int len = MIN(size, req->size - req->offset); + + memcpy(req->data + req->offset, buf + buf_offset, len); + buf_offset += len; + req->offset += len; + size -= len; + + if (req->offset == req->size) { + req->receive_entropy(req->opaque, req->data, req->size); + + rng_backend_finalize_request(&s->parent, req); + } + } +} + +static void rng_egd_opened(RngBackend *b, Error **errp) +{ + RngEgd *s = RNG_EGD(b); + Chardev *chr; + + if (s->chr_name == NULL) { + error_setg(errp, QERR_INVALID_PARAMETER_VALUE, + "chardev", "a valid character device"); + return; + } + + chr = qemu_chr_find(s->chr_name); + if (chr == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, + "Device '%s' not found", s->chr_name); + return; + } + if (!qemu_chr_fe_init(&s->chr, chr, errp)) { + return; + } + + /* FIXME we should resubmit pending requests when the CDS reconnects. */ + qemu_chr_fe_set_handlers(&s->chr, rng_egd_chr_can_read, + rng_egd_chr_read, NULL, NULL, s, NULL, true); +} + +static void rng_egd_set_chardev(Object *obj, const char *value, Error **errp) +{ + RngBackend *b = RNG_BACKEND(obj); + RngEgd *s = RNG_EGD(b); + + if (b->opened) { + error_setg(errp, QERR_PERMISSION_DENIED); + } else { + g_free(s->chr_name); + s->chr_name = g_strdup(value); + } +} + +static char *rng_egd_get_chardev(Object *obj, Error **errp) +{ + RngEgd *s = RNG_EGD(obj); + Chardev *chr = qemu_chr_fe_get_driver(&s->chr); + + if (chr && chr->label) { + return g_strdup(chr->label); + } + + return NULL; +} + +static void rng_egd_finalize(Object *obj) +{ + RngEgd *s = RNG_EGD(obj); + + qemu_chr_fe_deinit(&s->chr, false); + g_free(s->chr_name); +} + +static void rng_egd_class_init(ObjectClass *klass, void *data) +{ + RngBackendClass *rbc = RNG_BACKEND_CLASS(klass); + + rbc->request_entropy = rng_egd_request_entropy; + rbc->opened = rng_egd_opened; + object_class_property_add_str(klass, "chardev", + rng_egd_get_chardev, rng_egd_set_chardev); +} + +static const TypeInfo rng_egd_info = { + .name = TYPE_RNG_EGD, + .parent = TYPE_RNG_BACKEND, + .instance_size = sizeof(RngEgd), + .class_init = rng_egd_class_init, + .instance_finalize = rng_egd_finalize, +}; + +static void register_types(void) +{ + type_register_static(&rng_egd_info); +} + +type_init(register_types); diff --git a/backends/rng-random.c b/backends/rng-random.c new file mode 100644 index 000000000..7add272ed --- /dev/null +++ b/backends/rng-random.c @@ -0,0 +1,153 @@ +/* + * QEMU Random Number Generator Backend + * + * Copyright IBM, Corp. 2012 + * + * Authors: + * Anthony Liguori <aliguori@us.ibm.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "sysemu/rng-random.h" +#include "sysemu/rng.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/main-loop.h" +#include "qemu/module.h" + +struct RngRandom +{ + RngBackend parent; + + int fd; + char *filename; +}; + +/** + * A simple and incomplete backend to request entropy from /dev/random. + * + * This backend exposes an additional "filename" property that can be used to + * set the filename to use to open the backend. + */ + +static void entropy_available(void *opaque) +{ + RngRandom *s = RNG_RANDOM(opaque); + + while (!QSIMPLEQ_EMPTY(&s->parent.requests)) { + RngRequest *req = QSIMPLEQ_FIRST(&s->parent.requests); + ssize_t len; + + len = read(s->fd, req->data, req->size); + if (len < 0 && errno == EAGAIN) { + return; + } + g_assert(len != -1); + + req->receive_entropy(req->opaque, req->data, len); + + rng_backend_finalize_request(&s->parent, req); + } + + /* We've drained all requests, the fd handler can be reset. */ + qemu_set_fd_handler(s->fd, NULL, NULL, NULL); +} + +static void rng_random_request_entropy(RngBackend *b, RngRequest *req) +{ + RngRandom *s = RNG_RANDOM(b); + + if (QSIMPLEQ_EMPTY(&s->parent.requests)) { + /* If there are no pending requests yet, we need to + * install our fd handler. */ + qemu_set_fd_handler(s->fd, entropy_available, NULL, s); + } +} + +static void rng_random_opened(RngBackend *b, Error **errp) +{ + RngRandom *s = RNG_RANDOM(b); + + if (s->filename == NULL) { + error_setg(errp, QERR_INVALID_PARAMETER_VALUE, + "filename", "a valid filename"); + } else { + s->fd = qemu_open_old(s->filename, O_RDONLY | O_NONBLOCK); + if (s->fd == -1) { + error_setg_file_open(errp, errno, s->filename); + } + } +} + +static char *rng_random_get_filename(Object *obj, Error **errp) +{ + RngRandom *s = RNG_RANDOM(obj); + + return g_strdup(s->filename); +} + +static void rng_random_set_filename(Object *obj, const char *filename, + Error **errp) +{ + RngBackend *b = RNG_BACKEND(obj); + RngRandom *s = RNG_RANDOM(obj); + + if (b->opened) { + error_setg(errp, QERR_PERMISSION_DENIED); + return; + } + + g_free(s->filename); + s->filename = g_strdup(filename); +} + +static void rng_random_init(Object *obj) +{ + RngRandom *s = RNG_RANDOM(obj); + + s->filename = g_strdup("/dev/urandom"); + s->fd = -1; +} + +static void rng_random_finalize(Object *obj) +{ + RngRandom *s = RNG_RANDOM(obj); + + if (s->fd != -1) { + qemu_set_fd_handler(s->fd, NULL, NULL, NULL); + qemu_close(s->fd); + } + + g_free(s->filename); +} + +static void rng_random_class_init(ObjectClass *klass, void *data) +{ + RngBackendClass *rbc = RNG_BACKEND_CLASS(klass); + + rbc->request_entropy = rng_random_request_entropy; + rbc->opened = rng_random_opened; + object_class_property_add_str(klass, "filename", + rng_random_get_filename, + rng_random_set_filename); + +} + +static const TypeInfo rng_random_info = { + .name = TYPE_RNG_RANDOM, + .parent = TYPE_RNG_BACKEND, + .instance_size = sizeof(RngRandom), + .class_init = rng_random_class_init, + .instance_init = rng_random_init, + .instance_finalize = rng_random_finalize, +}; + +static void register_types(void) +{ + type_register_static(&rng_random_info); +} + +type_init(register_types); diff --git a/backends/rng.c b/backends/rng.c new file mode 100644 index 000000000..3757b0448 --- /dev/null +++ b/backends/rng.c @@ -0,0 +1,148 @@ +/* + * QEMU Random Number Generator Backend + * + * Copyright IBM, Corp. 2012 + * + * Authors: + * Anthony Liguori <aliguori@us.ibm.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + +#include "qemu/osdep.h" +#include "sysemu/rng.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/module.h" +#include "qom/object_interfaces.h" + +void rng_backend_request_entropy(RngBackend *s, size_t size, + EntropyReceiveFunc *receive_entropy, + void *opaque) +{ + RngBackendClass *k = RNG_BACKEND_GET_CLASS(s); + RngRequest *req; + + if (k->request_entropy) { + req = g_malloc(sizeof(*req)); + + req->offset = 0; + req->size = size; + req->receive_entropy = receive_entropy; + req->opaque = opaque; + req->data = g_malloc(req->size); + + k->request_entropy(s, req); + + QSIMPLEQ_INSERT_TAIL(&s->requests, req, next); + } +} + +static bool rng_backend_prop_get_opened(Object *obj, Error **errp) +{ + RngBackend *s = RNG_BACKEND(obj); + + return s->opened; +} + +static void rng_backend_complete(UserCreatable *uc, Error **errp) +{ + object_property_set_bool(OBJECT(uc), "opened", true, errp); +} + +static void rng_backend_prop_set_opened(Object *obj, bool value, Error **errp) +{ + RngBackend *s = RNG_BACKEND(obj); + RngBackendClass *k = RNG_BACKEND_GET_CLASS(s); + Error *local_err = NULL; + + if (value == s->opened) { + return; + } + + if (!value && s->opened) { + error_setg(errp, QERR_PERMISSION_DENIED); + return; + } + + if (k->opened) { + k->opened(s, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return; + } + } + + s->opened = true; +} + +static void rng_backend_free_request(RngRequest *req) +{ + g_free(req->data); + g_free(req); +} + +static void rng_backend_free_requests(RngBackend *s) +{ + RngRequest *req, *next; + + QSIMPLEQ_FOREACH_SAFE(req, &s->requests, next, next) { + rng_backend_free_request(req); + } + + QSIMPLEQ_INIT(&s->requests); +} + +void rng_backend_finalize_request(RngBackend *s, RngRequest *req) +{ + QSIMPLEQ_REMOVE(&s->requests, req, RngRequest, next); + rng_backend_free_request(req); +} + +static void rng_backend_init(Object *obj) +{ + RngBackend *s = RNG_BACKEND(obj); + + QSIMPLEQ_INIT(&s->requests); +} + +static void rng_backend_finalize(Object *obj) +{ + RngBackend *s = RNG_BACKEND(obj); + + rng_backend_free_requests(s); +} + +static void rng_backend_class_init(ObjectClass *oc, void *data) +{ + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); + + ucc->complete = rng_backend_complete; + + object_class_property_add_bool(oc, "opened", + rng_backend_prop_get_opened, + rng_backend_prop_set_opened); +} + +static const TypeInfo rng_backend_info = { + .name = TYPE_RNG_BACKEND, + .parent = TYPE_OBJECT, + .instance_size = sizeof(RngBackend), + .instance_init = rng_backend_init, + .instance_finalize = rng_backend_finalize, + .class_size = sizeof(RngBackendClass), + .class_init = rng_backend_class_init, + .abstract = true, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static void register_types(void) +{ + type_register_static(&rng_backend_info); +} + +type_init(register_types); diff --git a/backends/tpm/Kconfig b/backends/tpm/Kconfig new file mode 100644 index 000000000..5d91eb89c --- /dev/null +++ b/backends/tpm/Kconfig @@ -0,0 +1,14 @@ +config TPM_BACKEND + bool + depends on TPM + +config TPM_PASSTHROUGH + bool + default y + # FIXME: should check for x86 host as well + depends on TPM_BACKEND && LINUX + +config TPM_EMULATOR + bool + default y + depends on TPM_BACKEND diff --git a/backends/tpm/meson.build b/backends/tpm/meson.build new file mode 100644 index 000000000..857929082 --- /dev/null +++ b/backends/tpm/meson.build @@ -0,0 +1,8 @@ +tpm_ss = ss.source_set() + +tpm_ss.add(files('tpm_backend.c')) +tpm_ss.add(files('tpm_util.c')) +tpm_ss.add(when: 'CONFIG_TPM_PASSTHROUGH', if_true: files('tpm_passthrough.c')) +tpm_ss.add(when: 'CONFIG_TPM_EMULATOR', if_true: files('tpm_emulator.c')) + +softmmu_ss.add_all(when: 'CONFIG_TPM', if_true: tpm_ss) diff --git a/backends/tpm/tpm_backend.c b/backends/tpm/tpm_backend.c new file mode 100644 index 000000000..375587e74 --- /dev/null +++ b/backends/tpm/tpm_backend.c @@ -0,0 +1,208 @@ +/* + * QEMU TPM Backend + * + * Copyright IBM, Corp. 2013 + * + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + * + * Based on backends/rng.c by Anthony Liguori + */ + +#include "qemu/osdep.h" +#include "sysemu/tpm_backend.h" +#include "qapi/error.h" +#include "sysemu/tpm.h" +#include "qemu/thread.h" +#include "qemu/main-loop.h" +#include "qemu/module.h" +#include "block/thread-pool.h" +#include "qemu/error-report.h" + +static void tpm_backend_request_completed(void *opaque, int ret) +{ + TPMBackend *s = TPM_BACKEND(opaque); + TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif); + + tic->request_completed(s->tpmif, ret); + + /* no need for atomic, as long the BQL is taken */ + s->cmd = NULL; + object_unref(OBJECT(s)); +} + +static int tpm_backend_worker_thread(gpointer data) +{ + TPMBackend *s = TPM_BACKEND(data); + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + Error *err = NULL; + + k->handle_request(s, s->cmd, &err); + if (err) { + error_report_err(err); + return -1; + } + + return 0; +} + +void tpm_backend_finish_sync(TPMBackend *s) +{ + while (s->cmd) { + aio_poll(qemu_get_aio_context(), true); + } +} + +enum TpmType tpm_backend_get_type(TPMBackend *s) +{ + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + return k->type; +} + +int tpm_backend_init(TPMBackend *s, TPMIf *tpmif, Error **errp) +{ + if (s->tpmif) { + error_setg(errp, "TPM backend '%s' is already initialized", s->id); + return -1; + } + + s->tpmif = tpmif; + object_ref(OBJECT(tpmif)); + + s->had_startup_error = false; + + return 0; +} + +int tpm_backend_startup_tpm(TPMBackend *s, size_t buffersize) +{ + int res = 0; + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + /* terminate a running TPM */ + tpm_backend_finish_sync(s); + + res = k->startup_tpm ? k->startup_tpm(s, buffersize) : 0; + + s->had_startup_error = (res != 0); + + return res; +} + +bool tpm_backend_had_startup_error(TPMBackend *s) +{ + return s->had_startup_error; +} + +void tpm_backend_deliver_request(TPMBackend *s, TPMBackendCmd *cmd) +{ + ThreadPool *pool = aio_get_thread_pool(qemu_get_aio_context()); + + if (s->cmd != NULL) { + error_report("There is a TPM request pending"); + return; + } + + s->cmd = cmd; + object_ref(OBJECT(s)); + thread_pool_submit_aio(pool, tpm_backend_worker_thread, s, + tpm_backend_request_completed, s); +} + +void tpm_backend_reset(TPMBackend *s) +{ + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + if (k->reset) { + k->reset(s); + } + + tpm_backend_finish_sync(s); + + s->had_startup_error = false; +} + +void tpm_backend_cancel_cmd(TPMBackend *s) +{ + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + k->cancel_cmd(s); +} + +bool tpm_backend_get_tpm_established_flag(TPMBackend *s) +{ + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + return k->get_tpm_established_flag ? + k->get_tpm_established_flag(s) : false; +} + +int tpm_backend_reset_tpm_established_flag(TPMBackend *s, uint8_t locty) +{ + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + return k->reset_tpm_established_flag ? + k->reset_tpm_established_flag(s, locty) : 0; +} + +TPMVersion tpm_backend_get_tpm_version(TPMBackend *s) +{ + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + return k->get_tpm_version(s); +} + +size_t tpm_backend_get_buffer_size(TPMBackend *s) +{ + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + + return k->get_buffer_size(s); +} + +TPMInfo *tpm_backend_query_tpm(TPMBackend *s) +{ + TPMInfo *info = g_new0(TPMInfo, 1); + TPMBackendClass *k = TPM_BACKEND_GET_CLASS(s); + TPMIfClass *tic = TPM_IF_GET_CLASS(s->tpmif); + + info->id = g_strdup(s->id); + info->model = tic->model; + info->options = k->get_tpm_options(s); + + return info; +} + +static void tpm_backend_instance_finalize(Object *obj) +{ + TPMBackend *s = TPM_BACKEND(obj); + + object_unref(OBJECT(s->tpmif)); + g_free(s->id); +} + +static const TypeInfo tpm_backend_info = { + .name = TYPE_TPM_BACKEND, + .parent = TYPE_OBJECT, + .instance_size = sizeof(TPMBackend), + .instance_finalize = tpm_backend_instance_finalize, + .class_size = sizeof(TPMBackendClass), + .abstract = true, +}; + +static const TypeInfo tpm_if_info = { + .name = TYPE_TPM_IF, + .parent = TYPE_INTERFACE, + .class_size = sizeof(TPMIfClass), +}; + +static void register_types(void) +{ + type_register_static(&tpm_backend_info); + type_register_static(&tpm_if_info); +} + +type_init(register_types); diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c new file mode 100644 index 000000000..87d061e9b --- /dev/null +++ b/backends/tpm/tpm_emulator.c @@ -0,0 +1,1000 @@ +/* + * Emulator TPM driver + * + * Copyright (c) 2017 Intel Corporation + * Author: Amarnath Valluri <amarnath.valluri@intel.com> + * + * Copyright (c) 2010 - 2013, 2018 IBM Corporation + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * Copyright (C) 2011 IAIK, Graz University of Technology + * Author: Andreas Niederl + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/> + * + */ + +#include "qemu/osdep.h" +#include "qemu/error-report.h" +#include "qemu/module.h" +#include "qemu/sockets.h" +#include "qemu/lockable.h" +#include "io/channel-socket.h" +#include "sysemu/tpm_backend.h" +#include "sysemu/tpm_util.h" +#include "tpm_int.h" +#include "tpm_ioctl.h" +#include "migration/blocker.h" +#include "migration/vmstate.h" +#include "qapi/error.h" +#include "qapi/clone-visitor.h" +#include "qapi/qapi-visit-tpm.h" +#include "chardev/char-fe.h" +#include "trace.h" +#include "qom/object.h" + +#define TYPE_TPM_EMULATOR "tpm-emulator" +OBJECT_DECLARE_SIMPLE_TYPE(TPMEmulator, TPM_EMULATOR) + +#define TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(S, cap) (((S)->caps & (cap)) == (cap)) + +/* data structures */ + +/* blobs from the TPM; part of VM state when migrating */ +typedef struct TPMBlobBuffers { + uint32_t permanent_flags; + TPMSizedBuffer permanent; + + uint32_t volatil_flags; + TPMSizedBuffer volatil; + + uint32_t savestate_flags; + TPMSizedBuffer savestate; +} TPMBlobBuffers; + +struct TPMEmulator { + TPMBackend parent; + + TPMEmulatorOptions *options; + CharBackend ctrl_chr; + QIOChannel *data_ioc; + TPMVersion tpm_version; + ptm_cap caps; /* capabilities of the TPM */ + uint8_t cur_locty_number; /* last set locality */ + Error *migration_blocker; + + QemuMutex mutex; + + unsigned int established_flag:1; + unsigned int established_flag_cached:1; + + TPMBlobBuffers state_blobs; +}; + +struct tpm_error { + uint32_t tpm_result; + const char *string; +}; + +static const struct tpm_error tpm_errors[] = { + /* TPM 1.2 error codes */ + { TPM_BAD_PARAMETER , "a parameter is bad" }, + { TPM_FAIL , "operation failed" }, + { TPM_KEYNOTFOUND , "key could not be found" }, + { TPM_BAD_PARAM_SIZE , "bad parameter size"}, + { TPM_ENCRYPT_ERROR , "encryption error" }, + { TPM_DECRYPT_ERROR , "decryption error" }, + { TPM_BAD_KEY_PROPERTY, "bad key property" }, + { TPM_BAD_MODE , "bad (encryption) mode" }, + { TPM_BAD_VERSION , "bad version identifier" }, + { TPM_BAD_LOCALITY , "bad locality" }, + /* TPM 2 error codes */ + { TPM_RC_FAILURE , "operation failed" }, + { TPM_RC_LOCALITY , "bad locality" }, + { TPM_RC_INSUFFICIENT, "insufficient amount of data" }, +}; + +static const char *tpm_emulator_strerror(uint32_t tpm_result) +{ + size_t i; + + for (i = 0; i < ARRAY_SIZE(tpm_errors); i++) { + if (tpm_errors[i].tpm_result == tpm_result) { + return tpm_errors[i].string; + } + } + return ""; +} + +static int tpm_emulator_ctrlcmd(TPMEmulator *tpm, unsigned long cmd, void *msg, + size_t msg_len_in, size_t msg_len_out) +{ + CharBackend *dev = &tpm->ctrl_chr; + uint32_t cmd_no = cpu_to_be32(cmd); + ssize_t n = sizeof(uint32_t) + msg_len_in; + uint8_t *buf = NULL; + + WITH_QEMU_LOCK_GUARD(&tpm->mutex) { + buf = g_alloca(n); + memcpy(buf, &cmd_no, sizeof(cmd_no)); + memcpy(buf + sizeof(cmd_no), msg, msg_len_in); + + n = qemu_chr_fe_write_all(dev, buf, n); + if (n <= 0) { + return -1; + } + + if (msg_len_out != 0) { + n = qemu_chr_fe_read_all(dev, msg, msg_len_out); + if (n <= 0) { + return -1; + } + } + } + + return 0; +} + +static int tpm_emulator_unix_tx_bufs(TPMEmulator *tpm_emu, + const uint8_t *in, uint32_t in_len, + uint8_t *out, uint32_t out_len, + bool *selftest_done, + Error **errp) +{ + ssize_t ret; + bool is_selftest = false; + + if (selftest_done) { + *selftest_done = false; + is_selftest = tpm_util_is_selftest(in, in_len); + } + + ret = qio_channel_write_all(tpm_emu->data_ioc, (char *)in, in_len, errp); + if (ret != 0) { + return -1; + } + + ret = qio_channel_read_all(tpm_emu->data_ioc, (char *)out, + sizeof(struct tpm_resp_hdr), errp); + if (ret != 0) { + return -1; + } + + ret = qio_channel_read_all(tpm_emu->data_ioc, + (char *)out + sizeof(struct tpm_resp_hdr), + tpm_cmd_get_size(out) - sizeof(struct tpm_resp_hdr), errp); + if (ret != 0) { + return -1; + } + + if (is_selftest) { + *selftest_done = tpm_cmd_get_errcode(out) == 0; + } + + return 0; +} + +static int tpm_emulator_set_locality(TPMEmulator *tpm_emu, uint8_t locty_number, + Error **errp) +{ + ptm_loc loc; + + if (tpm_emu->cur_locty_number == locty_number) { + return 0; + } + + trace_tpm_emulator_set_locality(locty_number); + + memset(&loc, 0, sizeof(loc)); + loc.u.req.loc = locty_number; + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_LOCALITY, &loc, + sizeof(loc), sizeof(loc)) < 0) { + error_setg(errp, "tpm-emulator: could not set locality : %s", + strerror(errno)); + return -1; + } + + loc.u.resp.tpm_result = be32_to_cpu(loc.u.resp.tpm_result); + if (loc.u.resp.tpm_result != 0) { + error_setg(errp, "tpm-emulator: TPM result for set locality : 0x%x", + loc.u.resp.tpm_result); + return -1; + } + + tpm_emu->cur_locty_number = locty_number; + + return 0; +} + +static void tpm_emulator_handle_request(TPMBackend *tb, TPMBackendCmd *cmd, + Error **errp) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + + trace_tpm_emulator_handle_request(); + + if (tpm_emulator_set_locality(tpm_emu, cmd->locty, errp) < 0 || + tpm_emulator_unix_tx_bufs(tpm_emu, cmd->in, cmd->in_len, + cmd->out, cmd->out_len, + &cmd->selftest_done, errp) < 0) { + tpm_util_write_fatal_error_response(cmd->out, cmd->out_len); + } +} + +static int tpm_emulator_probe_caps(TPMEmulator *tpm_emu) +{ + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_CAPABILITY, + &tpm_emu->caps, 0, sizeof(tpm_emu->caps)) < 0) { + error_report("tpm-emulator: probing failed : %s", strerror(errno)); + return -1; + } + + tpm_emu->caps = be64_to_cpu(tpm_emu->caps); + + trace_tpm_emulator_probe_caps(tpm_emu->caps); + + return 0; +} + +static int tpm_emulator_check_caps(TPMEmulator *tpm_emu) +{ + ptm_cap caps = 0; + const char *tpm = NULL; + + /* check for min. required capabilities */ + switch (tpm_emu->tpm_version) { + case TPM_VERSION_1_2: + caps = PTM_CAP_INIT | PTM_CAP_SHUTDOWN | PTM_CAP_GET_TPMESTABLISHED | + PTM_CAP_SET_LOCALITY | PTM_CAP_SET_DATAFD | PTM_CAP_STOP | + PTM_CAP_SET_BUFFERSIZE; + tpm = "1.2"; + break; + case TPM_VERSION_2_0: + caps = PTM_CAP_INIT | PTM_CAP_SHUTDOWN | PTM_CAP_GET_TPMESTABLISHED | + PTM_CAP_SET_LOCALITY | PTM_CAP_RESET_TPMESTABLISHED | + PTM_CAP_SET_DATAFD | PTM_CAP_STOP | PTM_CAP_SET_BUFFERSIZE; + tpm = "2"; + break; + case TPM_VERSION_UNSPEC: + error_report("tpm-emulator: TPM version has not been set"); + return -1; + } + + if (!TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(tpm_emu, caps)) { + error_report("tpm-emulator: TPM does not implement minimum set of " + "required capabilities for TPM %s (0x%x)", tpm, (int)caps); + return -1; + } + + return 0; +} + +static int tpm_emulator_stop_tpm(TPMBackend *tb) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_res res; + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_STOP, &res, 0, sizeof(res)) < 0) { + error_report("tpm-emulator: Could not stop TPM: %s", + strerror(errno)); + return -1; + } + + res = be32_to_cpu(res); + if (res) { + error_report("tpm-emulator: TPM result for CMD_STOP: 0x%x %s", res, + tpm_emulator_strerror(res)); + return -1; + } + + return 0; +} + +static int tpm_emulator_set_buffer_size(TPMBackend *tb, + size_t wanted_size, + size_t *actual_size) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_setbuffersize psbs; + + if (tpm_emulator_stop_tpm(tb) < 0) { + return -1; + } + + psbs.u.req.buffersize = cpu_to_be32(wanted_size); + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_BUFFERSIZE, &psbs, + sizeof(psbs.u.req), sizeof(psbs.u.resp)) < 0) { + error_report("tpm-emulator: Could not set buffer size: %s", + strerror(errno)); + return -1; + } + + psbs.u.resp.tpm_result = be32_to_cpu(psbs.u.resp.tpm_result); + if (psbs.u.resp.tpm_result != 0) { + error_report("tpm-emulator: TPM result for set buffer size : 0x%x %s", + psbs.u.resp.tpm_result, + tpm_emulator_strerror(psbs.u.resp.tpm_result)); + return -1; + } + + if (actual_size) { + *actual_size = be32_to_cpu(psbs.u.resp.buffersize); + } + + trace_tpm_emulator_set_buffer_size( + be32_to_cpu(psbs.u.resp.buffersize), + be32_to_cpu(psbs.u.resp.minsize), + be32_to_cpu(psbs.u.resp.maxsize)); + + return 0; +} + +static int tpm_emulator_startup_tpm_resume(TPMBackend *tb, size_t buffersize, + bool is_resume) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_init init = { + .u.req.init_flags = 0, + }; + ptm_res res; + + trace_tpm_emulator_startup_tpm_resume(is_resume, buffersize); + + if (buffersize != 0 && + tpm_emulator_set_buffer_size(tb, buffersize, NULL) < 0) { + goto err_exit; + } + + if (is_resume) { + init.u.req.init_flags |= cpu_to_be32(PTM_INIT_FLAG_DELETE_VOLATILE); + } + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_INIT, &init, sizeof(init), + sizeof(init)) < 0) { + error_report("tpm-emulator: could not send INIT: %s", + strerror(errno)); + goto err_exit; + } + + res = be32_to_cpu(init.u.resp.tpm_result); + if (res) { + error_report("tpm-emulator: TPM result for CMD_INIT: 0x%x %s", res, + tpm_emulator_strerror(res)); + goto err_exit; + } + return 0; + +err_exit: + return -1; +} + +static int tpm_emulator_startup_tpm(TPMBackend *tb, size_t buffersize) +{ + return tpm_emulator_startup_tpm_resume(tb, buffersize, false); +} + +static bool tpm_emulator_get_tpm_established_flag(TPMBackend *tb) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_est est; + + if (tpm_emu->established_flag_cached) { + return tpm_emu->established_flag; + } + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_TPMESTABLISHED, &est, + 0, sizeof(est)) < 0) { + error_report("tpm-emulator: Could not get the TPM established flag: %s", + strerror(errno)); + return false; + } + trace_tpm_emulator_get_tpm_established_flag(est.u.resp.bit); + + tpm_emu->established_flag_cached = 1; + tpm_emu->established_flag = (est.u.resp.bit != 0); + + return tpm_emu->established_flag; +} + +static int tpm_emulator_reset_tpm_established_flag(TPMBackend *tb, + uint8_t locty) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_reset_est reset_est; + ptm_res res; + + /* only a TPM 2.0 will support this */ + if (tpm_emu->tpm_version != TPM_VERSION_2_0) { + return 0; + } + + reset_est.u.req.loc = tpm_emu->cur_locty_number; + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_RESET_TPMESTABLISHED, + &reset_est, sizeof(reset_est), + sizeof(reset_est)) < 0) { + error_report("tpm-emulator: Could not reset the establishment bit: %s", + strerror(errno)); + return -1; + } + + res = be32_to_cpu(reset_est.u.resp.tpm_result); + if (res) { + error_report( + "tpm-emulator: TPM result for rest established flag: 0x%x %s", + res, tpm_emulator_strerror(res)); + return -1; + } + + tpm_emu->established_flag_cached = 0; + + return 0; +} + +static void tpm_emulator_cancel_cmd(TPMBackend *tb) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + ptm_res res; + + if (!TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(tpm_emu, PTM_CAP_CANCEL_TPM_CMD)) { + trace_tpm_emulator_cancel_cmd_not_supt(); + return; + } + + /* FIXME: make the function non-blocking, or it may block a VCPU */ + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_CANCEL_TPM_CMD, &res, 0, + sizeof(res)) < 0) { + error_report("tpm-emulator: Could not cancel command: %s", + strerror(errno)); + } else if (res != 0) { + error_report("tpm-emulator: Failed to cancel TPM: 0x%x", + be32_to_cpu(res)); + } +} + +static TPMVersion tpm_emulator_get_tpm_version(TPMBackend *tb) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + + return tpm_emu->tpm_version; +} + +static size_t tpm_emulator_get_buffer_size(TPMBackend *tb) +{ + size_t actual_size; + + if (tpm_emulator_set_buffer_size(tb, 0, &actual_size) < 0) { + return 4096; + } + + return actual_size; +} + +static int tpm_emulator_block_migration(TPMEmulator *tpm_emu) +{ + Error *err = NULL; + ptm_cap caps = PTM_CAP_GET_STATEBLOB | PTM_CAP_SET_STATEBLOB | + PTM_CAP_STOP; + + if (!TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(tpm_emu, caps)) { + error_setg(&tpm_emu->migration_blocker, + "Migration disabled: TPM emulator does not support " + "migration"); + if (migrate_add_blocker(tpm_emu->migration_blocker, &err) < 0) { + error_report_err(err); + error_free(tpm_emu->migration_blocker); + tpm_emu->migration_blocker = NULL; + + return -1; + } + } + + return 0; +} + +static int tpm_emulator_prepare_data_fd(TPMEmulator *tpm_emu) +{ + ptm_res res; + Error *err = NULL; + int fds[2] = { -1, -1 }; + + if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0) { + error_report("tpm-emulator: Failed to create socketpair"); + return -1; + } + + qemu_chr_fe_set_msgfds(&tpm_emu->ctrl_chr, fds + 1, 1); + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_DATAFD, &res, 0, + sizeof(res)) < 0 || res != 0) { + error_report("tpm-emulator: Failed to send CMD_SET_DATAFD: %s", + strerror(errno)); + goto err_exit; + } + + tpm_emu->data_ioc = QIO_CHANNEL(qio_channel_socket_new_fd(fds[0], &err)); + if (err) { + error_prepend(&err, "tpm-emulator: Failed to create io channel: "); + error_report_err(err); + goto err_exit; + } + + closesocket(fds[1]); + + return 0; + +err_exit: + closesocket(fds[0]); + closesocket(fds[1]); + return -1; +} + +static int tpm_emulator_handle_device_opts(TPMEmulator *tpm_emu, QemuOpts *opts) +{ + const char *value; + Error *err = NULL; + Chardev *dev; + + value = qemu_opt_get(opts, "chardev"); + if (!value) { + error_report("tpm-emulator: parameter 'chardev' is missing"); + goto err; + } + + dev = qemu_chr_find(value); + if (!dev) { + error_report("tpm-emulator: tpm chardev '%s' not found", value); + goto err; + } + + if (!qemu_chr_fe_init(&tpm_emu->ctrl_chr, dev, &err)) { + error_prepend(&err, "tpm-emulator: No valid chardev found at '%s':", + value); + error_report_err(err); + goto err; + } + + tpm_emu->options->chardev = g_strdup(value); + + if (tpm_emulator_prepare_data_fd(tpm_emu) < 0) { + goto err; + } + + /* FIXME: tpm_util_test_tpmdev() accepts only on socket fd, as it also used + * by passthrough driver, which not yet using GIOChannel. + */ + if (tpm_util_test_tpmdev(QIO_CHANNEL_SOCKET(tpm_emu->data_ioc)->fd, + &tpm_emu->tpm_version)) { + error_report("'%s' is not emulating TPM device. Error: %s", + tpm_emu->options->chardev, strerror(errno)); + goto err; + } + + switch (tpm_emu->tpm_version) { + case TPM_VERSION_1_2: + trace_tpm_emulator_handle_device_opts_tpm12(); + break; + case TPM_VERSION_2_0: + trace_tpm_emulator_handle_device_opts_tpm2(); + break; + default: + trace_tpm_emulator_handle_device_opts_unspec(); + } + + if (tpm_emulator_probe_caps(tpm_emu) || + tpm_emulator_check_caps(tpm_emu)) { + goto err; + } + + return tpm_emulator_block_migration(tpm_emu); + +err: + trace_tpm_emulator_handle_device_opts_startup_error(); + + return -1; +} + +static TPMBackend *tpm_emulator_create(QemuOpts *opts) +{ + TPMBackend *tb = TPM_BACKEND(object_new(TYPE_TPM_EMULATOR)); + + if (tpm_emulator_handle_device_opts(TPM_EMULATOR(tb), opts)) { + object_unref(OBJECT(tb)); + return NULL; + } + + return tb; +} + +static TpmTypeOptions *tpm_emulator_get_tpm_options(TPMBackend *tb) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + TpmTypeOptions *options = g_new0(TpmTypeOptions, 1); + + options->type = TPM_TYPE_EMULATOR; + options->u.emulator.data = QAPI_CLONE(TPMEmulatorOptions, tpm_emu->options); + + return options; +} + +static const QemuOptDesc tpm_emulator_cmdline_opts[] = { + TPM_STANDARD_CMDLINE_OPTS, + { + .name = "chardev", + .type = QEMU_OPT_STRING, + .help = "Character device to use for out-of-band control messages", + }, + { /* end of list */ }, +}; + +/* + * Transfer a TPM state blob from the TPM into a provided buffer. + * + * @tpm_emu: TPMEmulator + * @type: the type of blob to transfer + * @tsb: the TPMSizeBuffer to fill with the blob + * @flags: the flags to return to the caller + */ +static int tpm_emulator_get_state_blob(TPMEmulator *tpm_emu, + uint8_t type, + TPMSizedBuffer *tsb, + uint32_t *flags) +{ + ptm_getstate pgs; + ptm_res res; + ssize_t n; + uint32_t totlength, length; + + tpm_sized_buffer_reset(tsb); + + pgs.u.req.state_flags = cpu_to_be32(PTM_STATE_FLAG_DECRYPTED); + pgs.u.req.type = cpu_to_be32(type); + pgs.u.req.offset = 0; + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_GET_STATEBLOB, + &pgs, sizeof(pgs.u.req), + offsetof(ptm_getstate, u.resp.data)) < 0) { + error_report("tpm-emulator: could not get state blob type %d : %s", + type, strerror(errno)); + return -1; + } + + res = be32_to_cpu(pgs.u.resp.tpm_result); + if (res != 0 && (res & 0x800) == 0) { + error_report("tpm-emulator: Getting the stateblob (type %d) failed " + "with a TPM error 0x%x %s", type, res, + tpm_emulator_strerror(res)); + return -1; + } + + totlength = be32_to_cpu(pgs.u.resp.totlength); + length = be32_to_cpu(pgs.u.resp.length); + if (totlength != length) { + error_report("tpm-emulator: Expecting to read %u bytes " + "but would get %u", totlength, length); + return -1; + } + + *flags = be32_to_cpu(pgs.u.resp.state_flags); + + if (totlength > 0) { + tsb->buffer = g_try_malloc(totlength); + if (!tsb->buffer) { + error_report("tpm-emulator: Out of memory allocating %u bytes", + totlength); + return -1; + } + + n = qemu_chr_fe_read_all(&tpm_emu->ctrl_chr, tsb->buffer, totlength); + if (n != totlength) { + error_report("tpm-emulator: Could not read stateblob (type %d); " + "expected %u bytes, got %zd", + type, totlength, n); + return -1; + } + } + tsb->size = totlength; + + trace_tpm_emulator_get_state_blob(type, tsb->size, *flags); + + return 0; +} + +static int tpm_emulator_get_state_blobs(TPMEmulator *tpm_emu) +{ + TPMBlobBuffers *state_blobs = &tpm_emu->state_blobs; + + if (tpm_emulator_get_state_blob(tpm_emu, PTM_BLOB_TYPE_PERMANENT, + &state_blobs->permanent, + &state_blobs->permanent_flags) < 0 || + tpm_emulator_get_state_blob(tpm_emu, PTM_BLOB_TYPE_VOLATILE, + &state_blobs->volatil, + &state_blobs->volatil_flags) < 0 || + tpm_emulator_get_state_blob(tpm_emu, PTM_BLOB_TYPE_SAVESTATE, + &state_blobs->savestate, + &state_blobs->savestate_flags) < 0) { + goto err_exit; + } + + return 0; + + err_exit: + tpm_sized_buffer_reset(&state_blobs->volatil); + tpm_sized_buffer_reset(&state_blobs->permanent); + tpm_sized_buffer_reset(&state_blobs->savestate); + + return -1; +} + +/* + * Transfer a TPM state blob to the TPM emulator. + * + * @tpm_emu: TPMEmulator + * @type: the type of TPM state blob to transfer + * @tsb: TPMSizedBuffer containing the TPM state blob + * @flags: Flags describing the (encryption) state of the TPM state blob + */ +static int tpm_emulator_set_state_blob(TPMEmulator *tpm_emu, + uint32_t type, + TPMSizedBuffer *tsb, + uint32_t flags) +{ + ssize_t n; + ptm_setstate pss; + ptm_res tpm_result; + + if (tsb->size == 0) { + return 0; + } + + pss = (ptm_setstate) { + .u.req.state_flags = cpu_to_be32(flags), + .u.req.type = cpu_to_be32(type), + .u.req.length = cpu_to_be32(tsb->size), + }; + + /* write the header only */ + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SET_STATEBLOB, &pss, + offsetof(ptm_setstate, u.req.data), 0) < 0) { + error_report("tpm-emulator: could not set state blob type %d : %s", + type, strerror(errno)); + return -1; + } + + /* now the body */ + n = qemu_chr_fe_write_all(&tpm_emu->ctrl_chr, tsb->buffer, tsb->size); + if (n != tsb->size) { + error_report("tpm-emulator: Writing the stateblob (type %d) " + "failed; could not write %u bytes, but only %zd", + type, tsb->size, n); + return -1; + } + + /* now get the result */ + n = qemu_chr_fe_read_all(&tpm_emu->ctrl_chr, + (uint8_t *)&pss, sizeof(pss.u.resp)); + if (n != sizeof(pss.u.resp)) { + error_report("tpm-emulator: Reading response from writing stateblob " + "(type %d) failed; expected %zu bytes, got %zd", type, + sizeof(pss.u.resp), n); + return -1; + } + + tpm_result = be32_to_cpu(pss.u.resp.tpm_result); + if (tpm_result != 0) { + error_report("tpm-emulator: Setting the stateblob (type %d) failed " + "with a TPM error 0x%x %s", type, tpm_result, + tpm_emulator_strerror(tpm_result)); + return -1; + } + + trace_tpm_emulator_set_state_blob(type, tsb->size, flags); + + return 0; +} + +/* + * Set all the TPM state blobs. + * + * Returns a negative errno code in case of error. + */ +static int tpm_emulator_set_state_blobs(TPMBackend *tb) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + TPMBlobBuffers *state_blobs = &tpm_emu->state_blobs; + + trace_tpm_emulator_set_state_blobs(); + + if (tpm_emulator_stop_tpm(tb) < 0) { + trace_tpm_emulator_set_state_blobs_error("Could not stop TPM"); + return -EIO; + } + + if (tpm_emulator_set_state_blob(tpm_emu, PTM_BLOB_TYPE_PERMANENT, + &state_blobs->permanent, + state_blobs->permanent_flags) < 0 || + tpm_emulator_set_state_blob(tpm_emu, PTM_BLOB_TYPE_VOLATILE, + &state_blobs->volatil, + state_blobs->volatil_flags) < 0 || + tpm_emulator_set_state_blob(tpm_emu, PTM_BLOB_TYPE_SAVESTATE, + &state_blobs->savestate, + state_blobs->savestate_flags) < 0) { + return -EIO; + } + + trace_tpm_emulator_set_state_blobs_done(); + + return 0; +} + +static int tpm_emulator_pre_save(void *opaque) +{ + TPMBackend *tb = opaque; + TPMEmulator *tpm_emu = TPM_EMULATOR(tb); + + trace_tpm_emulator_pre_save(); + + tpm_backend_finish_sync(tb); + + /* get the state blobs from the TPM */ + return tpm_emulator_get_state_blobs(tpm_emu); +} + +/* + * Load the TPM state blobs into the TPM. + * + * Returns negative errno codes in case of error. + */ +static int tpm_emulator_post_load(void *opaque, int version_id) +{ + TPMBackend *tb = opaque; + int ret; + + ret = tpm_emulator_set_state_blobs(tb); + if (ret < 0) { + return ret; + } + + if (tpm_emulator_startup_tpm_resume(tb, 0, true) < 0) { + return -EIO; + } + + return 0; +} + +static const VMStateDescription vmstate_tpm_emulator = { + .name = "tpm-emulator", + .version_id = 0, + .pre_save = tpm_emulator_pre_save, + .post_load = tpm_emulator_post_load, + .fields = (VMStateField[]) { + VMSTATE_UINT32(state_blobs.permanent_flags, TPMEmulator), + VMSTATE_UINT32(state_blobs.permanent.size, TPMEmulator), + VMSTATE_VBUFFER_ALLOC_UINT32(state_blobs.permanent.buffer, + TPMEmulator, 0, 0, + state_blobs.permanent.size), + + VMSTATE_UINT32(state_blobs.volatil_flags, TPMEmulator), + VMSTATE_UINT32(state_blobs.volatil.size, TPMEmulator), + VMSTATE_VBUFFER_ALLOC_UINT32(state_blobs.volatil.buffer, + TPMEmulator, 0, 0, + state_blobs.volatil.size), + + VMSTATE_UINT32(state_blobs.savestate_flags, TPMEmulator), + VMSTATE_UINT32(state_blobs.savestate.size, TPMEmulator), + VMSTATE_VBUFFER_ALLOC_UINT32(state_blobs.savestate.buffer, + TPMEmulator, 0, 0, + state_blobs.savestate.size), + + VMSTATE_END_OF_LIST() + } +}; + +static void tpm_emulator_inst_init(Object *obj) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(obj); + + trace_tpm_emulator_inst_init(); + + tpm_emu->options = g_new0(TPMEmulatorOptions, 1); + tpm_emu->cur_locty_number = ~0; + qemu_mutex_init(&tpm_emu->mutex); + + vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, + &vmstate_tpm_emulator, obj); +} + +/* + * Gracefully shut down the external TPM + */ +static void tpm_emulator_shutdown(TPMEmulator *tpm_emu) +{ + ptm_res res; + + if (!tpm_emu->options->chardev) { + /* was never properly initialized */ + return; + } + + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_SHUTDOWN, &res, 0, sizeof(res)) < 0) { + error_report("tpm-emulator: Could not cleanly shutdown the TPM: %s", + strerror(errno)); + } else if (res != 0) { + error_report("tpm-emulator: TPM result for shutdown: 0x%x %s", + be32_to_cpu(res), tpm_emulator_strerror(be32_to_cpu(res))); + } +} + +static void tpm_emulator_inst_finalize(Object *obj) +{ + TPMEmulator *tpm_emu = TPM_EMULATOR(obj); + TPMBlobBuffers *state_blobs = &tpm_emu->state_blobs; + + tpm_emulator_shutdown(tpm_emu); + + object_unref(OBJECT(tpm_emu->data_ioc)); + + qemu_chr_fe_deinit(&tpm_emu->ctrl_chr, false); + + qapi_free_TPMEmulatorOptions(tpm_emu->options); + + if (tpm_emu->migration_blocker) { + migrate_del_blocker(tpm_emu->migration_blocker); + error_free(tpm_emu->migration_blocker); + } + + tpm_sized_buffer_reset(&state_blobs->volatil); + tpm_sized_buffer_reset(&state_blobs->permanent); + tpm_sized_buffer_reset(&state_blobs->savestate); + + qemu_mutex_destroy(&tpm_emu->mutex); + + vmstate_unregister(NULL, &vmstate_tpm_emulator, obj); +} + +static void tpm_emulator_class_init(ObjectClass *klass, void *data) +{ + TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass); + + tbc->type = TPM_TYPE_EMULATOR; + tbc->opts = tpm_emulator_cmdline_opts; + tbc->desc = "TPM emulator backend driver"; + tbc->create = tpm_emulator_create; + tbc->startup_tpm = tpm_emulator_startup_tpm; + tbc->cancel_cmd = tpm_emulator_cancel_cmd; + tbc->get_tpm_established_flag = tpm_emulator_get_tpm_established_flag; + tbc->reset_tpm_established_flag = tpm_emulator_reset_tpm_established_flag; + tbc->get_tpm_version = tpm_emulator_get_tpm_version; + tbc->get_buffer_size = tpm_emulator_get_buffer_size; + tbc->get_tpm_options = tpm_emulator_get_tpm_options; + + tbc->handle_request = tpm_emulator_handle_request; +} + +static const TypeInfo tpm_emulator_info = { + .name = TYPE_TPM_EMULATOR, + .parent = TYPE_TPM_BACKEND, + .instance_size = sizeof(TPMEmulator), + .class_init = tpm_emulator_class_init, + .instance_init = tpm_emulator_inst_init, + .instance_finalize = tpm_emulator_inst_finalize, +}; + +static void tpm_emulator_register(void) +{ + type_register_static(&tpm_emulator_info); +} + +type_init(tpm_emulator_register) diff --git a/backends/tpm/tpm_int.h b/backends/tpm/tpm_int.h new file mode 100644 index 000000000..ba6109306 --- /dev/null +++ b/backends/tpm/tpm_int.h @@ -0,0 +1,88 @@ +/* + * TPM configuration + * + * Copyright (C) 2011-2013 IBM Corporation + * + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ +#ifndef BACKENDS_TPM_INT_H +#define BACKENDS_TPM_INT_H + +#include "qemu/option.h" +#include "sysemu/tpm.h" + +#define TPM_STANDARD_CMDLINE_OPTS \ + { \ + .name = "type", \ + .type = QEMU_OPT_STRING, \ + .help = "Type of TPM backend", \ + } + +struct tpm_req_hdr { + uint16_t tag; + uint32_t len; + uint32_t ordinal; +} QEMU_PACKED; + +struct tpm_resp_hdr { + uint16_t tag; + uint32_t len; + uint32_t errcode; +} QEMU_PACKED; + +#define TPM_TAG_RQU_COMMAND 0xc1 +#define TPM_TAG_RQU_AUTH1_COMMAND 0xc2 +#define TPM_TAG_RQU_AUTH2_COMMAND 0xc3 + +#define TPM_TAG_RSP_COMMAND 0xc4 +#define TPM_TAG_RSP_AUTH1_COMMAND 0xc5 +#define TPM_TAG_RSP_AUTH2_COMMAND 0xc6 + +#define TPM_BAD_PARAMETER 3 +#define TPM_FAIL 9 +#define TPM_KEYNOTFOUND 13 +#define TPM_BAD_PARAM_SIZE 25 +#define TPM_ENCRYPT_ERROR 32 +#define TPM_DECRYPT_ERROR 33 +#define TPM_BAD_KEY_PROPERTY 40 +#define TPM_BAD_MODE 44 +#define TPM_BAD_VERSION 46 +#define TPM_BAD_LOCALITY 61 + +#define TPM_ORD_ContinueSelfTest 0x53 +#define TPM_ORD_GetTicks 0xf1 +#define TPM_ORD_GetCapability 0x65 + +#define TPM_CAP_PROPERTY 0x05 + +#define TPM_CAP_PROP_INPUT_BUFFER 0x124 + +/* TPM2 defines */ +#define TPM2_ST_NO_SESSIONS 0x8001 + +#define TPM2_CC_ReadClock 0x00000181 +#define TPM2_CC_GetCapability 0x0000017a + +#define TPM2_CAP_TPM_PROPERTIES 0x6 + +#define TPM2_PT_MAX_COMMAND_SIZE 0x11e + +#define TPM_RC_INSUFFICIENT 0x9a +#define TPM_RC_FAILURE 0x101 +#define TPM_RC_LOCALITY 0x907 + +int tpm_util_get_buffer_size(int tpm_fd, TPMVersion tpm_version, + size_t *buffersize); + +typedef struct TPMSizedBuffer { + uint32_t size; + uint8_t *buffer; +} TPMSizedBuffer; + +void tpm_sized_buffer_reset(TPMSizedBuffer *tsb); + +#endif /* BACKENDS_TPM_INT_H */ diff --git a/backends/tpm/tpm_ioctl.h b/backends/tpm/tpm_ioctl.h new file mode 100644 index 000000000..bd6c12cb8 --- /dev/null +++ b/backends/tpm/tpm_ioctl.h @@ -0,0 +1,275 @@ +/* + * tpm_ioctl.h + * + * (c) Copyright IBM Corporation 2014, 2015. + * + * This file is licensed under the terms of the 3-clause BSD license + */ + +#ifndef TPM_IOCTL_H +#define TPM_IOCTL_H + +#include <sys/uio.h> +#include <sys/ioctl.h> + +#ifdef HAVE_SYS_IOCCOM_H +#include <sys/ioccom.h> +#endif + +/* + * Every response from a command involving a TPM command execution must hold + * the ptm_res as the first element. + * ptm_res corresponds to the error code of a command executed by the TPM. + */ + +typedef uint32_t ptm_res; + +/* PTM_GET_TPMESTABLISHED: get the establishment bit */ +struct ptm_est { + union { + struct { + ptm_res tpm_result; + unsigned char bit; /* TPM established bit */ + } resp; /* response */ + } u; +}; + +/* PTM_RESET_TPMESTABLISHED: reset establishment bit */ +struct ptm_reset_est { + union { + struct { + uint8_t loc; /* locality to use */ + } req; /* request */ + struct { + ptm_res tpm_result; + } resp; /* response */ + } u; +}; + +/* PTM_INIT */ +struct ptm_init { + union { + struct { + uint32_t init_flags; /* see definitions below */ + } req; /* request */ + struct { + ptm_res tpm_result; + } resp; /* response */ + } u; +}; + +/* above init_flags */ +#define PTM_INIT_FLAG_DELETE_VOLATILE (1 << 0) + /* delete volatile state file after reading it */ + +/* PTM_SET_LOCALITY */ +struct ptm_loc { + union { + struct { + uint8_t loc; /* locality to set */ + } req; /* request */ + struct { + ptm_res tpm_result; + } resp; /* response */ + } u; +}; + +/* PTM_HASH_DATA: hash given data */ +struct ptm_hdata { + union { + struct { + uint32_t length; + uint8_t data[4096]; + } req; /* request */ + struct { + ptm_res tpm_result; + } resp; /* response */ + } u; +}; + +/* + * size of the TPM state blob to transfer; x86_64 can handle 8k, + * ppc64le only ~7k; keep the response below a 4k page size + */ +#define PTM_STATE_BLOB_SIZE (3 * 1024) + +/* + * The following is the data structure to get state blobs from the TPM. + * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple reads + * with this ioctl and with adjusted offset are necessary. All bytes + * must be transferred and the transfer is done once the last byte has been + * returned. + * It is possible to use the read() interface for reading the data; however, the + * first bytes of the state blob will be part of the response to the ioctl(); a + * subsequent read() is only necessary if the total length (totlength) exceeds + * the number of received bytes. seek() is not supported. + */ +struct ptm_getstate { + union { + struct { + uint32_t state_flags; /* may be: PTM_STATE_FLAG_DECRYPTED */ + uint32_t type; /* which blob to pull */ + uint32_t offset; /* offset from where to read */ + } req; /* request */ + struct { + ptm_res tpm_result; + uint32_t state_flags; /* may be: PTM_STATE_FLAG_ENCRYPTED */ + uint32_t totlength; /* total length that will be transferred */ + uint32_t length; /* number of bytes in following buffer */ + uint8_t data[PTM_STATE_BLOB_SIZE]; + } resp; /* response */ + } u; +}; + +/* TPM state blob types */ +#define PTM_BLOB_TYPE_PERMANENT 1 +#define PTM_BLOB_TYPE_VOLATILE 2 +#define PTM_BLOB_TYPE_SAVESTATE 3 + +/* state_flags above : */ +#define PTM_STATE_FLAG_DECRYPTED 1 /* on input: get decrypted state */ +#define PTM_STATE_FLAG_ENCRYPTED 2 /* on output: state is encrypted */ + +/* + * The following is the data structure to set state blobs in the TPM. + * If the size of the state blob exceeds the PTM_STATE_BLOB_SIZE, multiple + * 'writes' using this ioctl are necessary. The last packet is indicated + * by the length being smaller than the PTM_STATE_BLOB_SIZE. + * The very first packet may have a length indicator of '0' enabling + * a write() with all the bytes from a buffer. If the write() interface + * is used, a final ioctl with a non-full buffer must be made to indicate + * that all data were transferred (a write with 0 bytes would not work). + */ +struct ptm_setstate { + union { + struct { + uint32_t state_flags; /* may be PTM_STATE_FLAG_ENCRYPTED */ + uint32_t type; /* which blob to set */ + uint32_t length; /* length of the data; + use 0 on the first packet to + transfer using write() */ + uint8_t data[PTM_STATE_BLOB_SIZE]; + } req; /* request */ + struct { + ptm_res tpm_result; + } resp; /* response */ + } u; +}; + +/* + * PTM_GET_CONFIG: Data structure to get runtime configuration information + * such as which keys are applied. + */ +struct ptm_getconfig { + union { + struct { + ptm_res tpm_result; + uint32_t flags; + } resp; /* response */ + } u; +}; + +#define PTM_CONFIG_FLAG_FILE_KEY 0x1 +#define PTM_CONFIG_FLAG_MIGRATION_KEY 0x2 + +/* + * PTM_SET_BUFFERSIZE: Set the buffer size to be used by the TPM. + * A 0 on input queries for the current buffer size. Any other + * number will try to set the buffer size. The returned number is + * the buffer size that will be used, which can be larger than the + * requested one, if it was below the minimum, or smaller than the + * requested one, if it was above the maximum. + */ +struct ptm_setbuffersize { + union { + struct { + uint32_t buffersize; /* 0 to query for current buffer size */ + } req; /* request */ + struct { + ptm_res tpm_result; + uint32_t buffersize; /* buffer size in use */ + uint32_t minsize; /* min. supported buffer size */ + uint32_t maxsize; /* max. supported buffer size */ + } resp; /* response */ + } u; +}; + + +typedef uint64_t ptm_cap; +typedef struct ptm_est ptm_est; +typedef struct ptm_reset_est ptm_reset_est; +typedef struct ptm_loc ptm_loc; +typedef struct ptm_hdata ptm_hdata; +typedef struct ptm_init ptm_init; +typedef struct ptm_getstate ptm_getstate; +typedef struct ptm_setstate ptm_setstate; +typedef struct ptm_getconfig ptm_getconfig; +typedef struct ptm_setbuffersize ptm_setbuffersize; + +/* capability flags returned by PTM_GET_CAPABILITY */ +#define PTM_CAP_INIT (1) +#define PTM_CAP_SHUTDOWN (1 << 1) +#define PTM_CAP_GET_TPMESTABLISHED (1 << 2) +#define PTM_CAP_SET_LOCALITY (1 << 3) +#define PTM_CAP_HASHING (1 << 4) +#define PTM_CAP_CANCEL_TPM_CMD (1 << 5) +#define PTM_CAP_STORE_VOLATILE (1 << 6) +#define PTM_CAP_RESET_TPMESTABLISHED (1 << 7) +#define PTM_CAP_GET_STATEBLOB (1 << 8) +#define PTM_CAP_SET_STATEBLOB (1 << 9) +#define PTM_CAP_STOP (1 << 10) +#define PTM_CAP_GET_CONFIG (1 << 11) +#define PTM_CAP_SET_DATAFD (1 << 12) +#define PTM_CAP_SET_BUFFERSIZE (1 << 13) + +enum { + PTM_GET_CAPABILITY = _IOR('P', 0, ptm_cap), + PTM_INIT = _IOWR('P', 1, ptm_init), + PTM_SHUTDOWN = _IOR('P', 2, ptm_res), + PTM_GET_TPMESTABLISHED = _IOR('P', 3, ptm_est), + PTM_SET_LOCALITY = _IOWR('P', 4, ptm_loc), + PTM_HASH_START = _IOR('P', 5, ptm_res), + PTM_HASH_DATA = _IOWR('P', 6, ptm_hdata), + PTM_HASH_END = _IOR('P', 7, ptm_res), + PTM_CANCEL_TPM_CMD = _IOR('P', 8, ptm_res), + PTM_STORE_VOLATILE = _IOR('P', 9, ptm_res), + PTM_RESET_TPMESTABLISHED = _IOWR('P', 10, ptm_reset_est), + PTM_GET_STATEBLOB = _IOWR('P', 11, ptm_getstate), + PTM_SET_STATEBLOB = _IOWR('P', 12, ptm_setstate), + PTM_STOP = _IOR('P', 13, ptm_res), + PTM_GET_CONFIG = _IOR('P', 14, ptm_getconfig), + PTM_SET_DATAFD = _IOR('P', 15, ptm_res), + PTM_SET_BUFFERSIZE = _IOWR('P', 16, ptm_setbuffersize), +}; + +/* + * Commands used by the non-CUSE TPMs + * + * All messages container big-endian data. + * + * The return messages only contain the 'resp' part of the unions + * in the data structures above. Besides that the limits in the + * buffers above (ptm_hdata:u.req.data and ptm_get_state:u.resp.data + * and ptm_set_state:u.req.data) are 0xffffffff. + */ +enum { + CMD_GET_CAPABILITY = 1, + CMD_INIT, + CMD_SHUTDOWN, + CMD_GET_TPMESTABLISHED, + CMD_SET_LOCALITY, + CMD_HASH_START, + CMD_HASH_DATA, + CMD_HASH_END, + CMD_CANCEL_TPM_CMD, + CMD_STORE_VOLATILE, + CMD_RESET_TPMESTABLISHED, + CMD_GET_STATEBLOB, + CMD_SET_STATEBLOB, + CMD_STOP, + CMD_GET_CONFIG, + CMD_SET_DATAFD, + CMD_SET_BUFFERSIZE, +}; + +#endif /* TPM_IOCTL_H */ diff --git a/backends/tpm/tpm_passthrough.c b/backends/tpm/tpm_passthrough.c new file mode 100644 index 000000000..d5558fae6 --- /dev/null +++ b/backends/tpm/tpm_passthrough.c @@ -0,0 +1,404 @@ +/* + * passthrough TPM driver + * + * Copyright (c) 2010 - 2013 IBM Corporation + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * Copyright (C) 2011 IAIK, Graz University of Technology + * Author: Andreas Niederl + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/> + */ + +#include "qemu/osdep.h" +#include "qemu-common.h" +#include "qemu/error-report.h" +#include "qemu/module.h" +#include "qemu/sockets.h" +#include "sysemu/tpm_backend.h" +#include "sysemu/tpm_util.h" +#include "tpm_int.h" +#include "qapi/clone-visitor.h" +#include "qapi/qapi-visit-tpm.h" +#include "trace.h" +#include "qom/object.h" + +#define TYPE_TPM_PASSTHROUGH "tpm-passthrough" +OBJECT_DECLARE_SIMPLE_TYPE(TPMPassthruState, TPM_PASSTHROUGH) + +/* data structures */ +struct TPMPassthruState { + TPMBackend parent; + + TPMPassthroughOptions *options; + const char *tpm_dev; + int tpm_fd; + bool tpm_executing; + bool tpm_op_canceled; + int cancel_fd; + + TPMVersion tpm_version; + size_t tpm_buffersize; +}; + + +#define TPM_PASSTHROUGH_DEFAULT_DEVICE "/dev/tpm0" + +/* functions */ + +static void tpm_passthrough_cancel_cmd(TPMBackend *tb); + +static int tpm_passthrough_unix_read(int fd, uint8_t *buf, uint32_t len) +{ + int ret; + reread: + ret = read(fd, buf, len); + if (ret < 0) { + if (errno != EINTR && errno != EAGAIN) { + return -1; + } + goto reread; + } + return ret; +} + +static void tpm_passthrough_unix_tx_bufs(TPMPassthruState *tpm_pt, + const uint8_t *in, uint32_t in_len, + uint8_t *out, uint32_t out_len, + bool *selftest_done, Error **errp) +{ + ssize_t ret; + bool is_selftest; + + /* FIXME: protect shared variables or use other sync mechanism */ + tpm_pt->tpm_op_canceled = false; + tpm_pt->tpm_executing = true; + *selftest_done = false; + + is_selftest = tpm_util_is_selftest(in, in_len); + + ret = qemu_write_full(tpm_pt->tpm_fd, in, in_len); + if (ret != in_len) { + if (!tpm_pt->tpm_op_canceled || errno != ECANCELED) { + error_setg_errno(errp, errno, "tpm_passthrough: error while " + "transmitting data to TPM"); + } + goto err_exit; + } + + tpm_pt->tpm_executing = false; + + ret = tpm_passthrough_unix_read(tpm_pt->tpm_fd, out, out_len); + if (ret < 0) { + if (!tpm_pt->tpm_op_canceled || errno != ECANCELED) { + error_setg_errno(errp, errno, "tpm_passthrough: error while " + "reading data from TPM"); + } + } else if (ret < sizeof(struct tpm_resp_hdr) || + tpm_cmd_get_size(out) != ret) { + ret = -1; + error_setg_errno(errp, errno, "tpm_passthrough: received invalid " + "response packet from TPM"); + } + + if (is_selftest && (ret >= sizeof(struct tpm_resp_hdr))) { + *selftest_done = tpm_cmd_get_errcode(out) == 0; + } + +err_exit: + if (ret < 0) { + tpm_util_write_fatal_error_response(out, out_len); + } + + tpm_pt->tpm_executing = false; +} + +static void tpm_passthrough_handle_request(TPMBackend *tb, TPMBackendCmd *cmd, + Error **errp) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + trace_tpm_passthrough_handle_request(cmd); + + tpm_passthrough_unix_tx_bufs(tpm_pt, cmd->in, cmd->in_len, + cmd->out, cmd->out_len, &cmd->selftest_done, + errp); +} + +static void tpm_passthrough_reset(TPMBackend *tb) +{ + trace_tpm_passthrough_reset(); + + tpm_passthrough_cancel_cmd(tb); +} + +static bool tpm_passthrough_get_tpm_established_flag(TPMBackend *tb) +{ + return false; +} + +static int tpm_passthrough_reset_tpm_established_flag(TPMBackend *tb, + uint8_t locty) +{ + /* only a TPM 2.0 will support this */ + return 0; +} + +static void tpm_passthrough_cancel_cmd(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + int n; + + /* + * As of Linux 3.7 the tpm_tis driver does not properly cancel + * commands on all TPM manufacturers' TPMs. + * Only cancel if we're busy so we don't cancel someone else's + * command, e.g., a command executed on the host. + */ + if (tpm_pt->tpm_executing) { + if (tpm_pt->cancel_fd >= 0) { + tpm_pt->tpm_op_canceled = true; + n = write(tpm_pt->cancel_fd, "-", 1); + if (n != 1) { + error_report("Canceling TPM command failed: %s", + strerror(errno)); + } + } else { + error_report("Cannot cancel TPM command due to missing " + "TPM sysfs cancel entry"); + } + } +} + +static TPMVersion tpm_passthrough_get_tpm_version(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + return tpm_pt->tpm_version; +} + +static size_t tpm_passthrough_get_buffer_size(TPMBackend *tb) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + int ret; + + ret = tpm_util_get_buffer_size(tpm_pt->tpm_fd, tpm_pt->tpm_version, + &tpm_pt->tpm_buffersize); + if (ret < 0) { + tpm_pt->tpm_buffersize = 4096; + } + return tpm_pt->tpm_buffersize; +} + +/* + * Unless path or file descriptor set has been provided by user, + * determine the sysfs cancel file following kernel documentation + * in Documentation/ABI/stable/sysfs-class-tpm. + * From /dev/tpm0 create /sys/class/tpm/tpm0/device/cancel + * before 4.0: /sys/class/misc/tpm0/device/cancel + */ +static int tpm_passthrough_open_sysfs_cancel(TPMPassthruState *tpm_pt) +{ + int fd = -1; + char *dev; + char path[PATH_MAX]; + + if (tpm_pt->options->cancel_path) { + fd = qemu_open_old(tpm_pt->options->cancel_path, O_WRONLY); + if (fd < 0) { + error_report("tpm_passthrough: Could not open TPM cancel path: %s", + strerror(errno)); + } + return fd; + } + + dev = strrchr(tpm_pt->tpm_dev, '/'); + if (!dev) { + error_report("tpm_passthrough: Bad TPM device path %s", + tpm_pt->tpm_dev); + return -1; + } + + dev++; + if (snprintf(path, sizeof(path), "/sys/class/tpm/%s/device/cancel", + dev) < sizeof(path)) { + fd = qemu_open_old(path, O_WRONLY); + if (fd < 0) { + if (snprintf(path, sizeof(path), "/sys/class/misc/%s/device/cancel", + dev) < sizeof(path)) { + fd = qemu_open_old(path, O_WRONLY); + } + } + } + + if (fd < 0) { + error_report("tpm_passthrough: Could not guess TPM cancel path"); + } else { + tpm_pt->options->cancel_path = g_strdup(path); + } + + return fd; +} + +static int +tpm_passthrough_handle_device_opts(TPMPassthruState *tpm_pt, QemuOpts *opts) +{ + const char *value; + + value = qemu_opt_get(opts, "cancel-path"); + if (value) { + tpm_pt->options->cancel_path = g_strdup(value); + tpm_pt->options->has_cancel_path = true; + } + + value = qemu_opt_get(opts, "path"); + if (value) { + tpm_pt->options->has_path = true; + tpm_pt->options->path = g_strdup(value); + } + + tpm_pt->tpm_dev = value ? value : TPM_PASSTHROUGH_DEFAULT_DEVICE; + tpm_pt->tpm_fd = qemu_open_old(tpm_pt->tpm_dev, O_RDWR); + if (tpm_pt->tpm_fd < 0) { + error_report("Cannot access TPM device using '%s': %s", + tpm_pt->tpm_dev, strerror(errno)); + return -1; + } + + if (tpm_util_test_tpmdev(tpm_pt->tpm_fd, &tpm_pt->tpm_version)) { + error_report("'%s' is not a TPM device.", + tpm_pt->tpm_dev); + return -1; + } + + tpm_pt->cancel_fd = tpm_passthrough_open_sysfs_cancel(tpm_pt); + if (tpm_pt->cancel_fd < 0) { + return -1; + } + + return 0; +} + +static TPMBackend *tpm_passthrough_create(QemuOpts *opts) +{ + Object *obj = object_new(TYPE_TPM_PASSTHROUGH); + + if (tpm_passthrough_handle_device_opts(TPM_PASSTHROUGH(obj), opts)) { + object_unref(obj); + return NULL; + } + + return TPM_BACKEND(obj); +} + +static int tpm_passthrough_startup_tpm(TPMBackend *tb, size_t buffersize) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb); + + if (buffersize && buffersize < tpm_pt->tpm_buffersize) { + error_report("Requested buffer size of %zu is smaller than host TPM's " + "fixed buffer size of %zu", + buffersize, tpm_pt->tpm_buffersize); + return -1; + } + + return 0; +} + +static TpmTypeOptions *tpm_passthrough_get_tpm_options(TPMBackend *tb) +{ + TpmTypeOptions *options = g_new0(TpmTypeOptions, 1); + + options->type = TPM_TYPE_PASSTHROUGH; + options->u.passthrough.data = QAPI_CLONE(TPMPassthroughOptions, + TPM_PASSTHROUGH(tb)->options); + + return options; +} + +static const QemuOptDesc tpm_passthrough_cmdline_opts[] = { + TPM_STANDARD_CMDLINE_OPTS, + { + .name = "cancel-path", + .type = QEMU_OPT_STRING, + .help = "Sysfs file entry for canceling TPM commands", + }, + { + .name = "path", + .type = QEMU_OPT_STRING, + .help = "Path to TPM device on the host", + }, + { /* end of list */ }, +}; + +static void tpm_passthrough_inst_init(Object *obj) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj); + + tpm_pt->options = g_new0(TPMPassthroughOptions, 1); + tpm_pt->tpm_fd = -1; + tpm_pt->cancel_fd = -1; +} + +static void tpm_passthrough_inst_finalize(Object *obj) +{ + TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(obj); + + tpm_passthrough_cancel_cmd(TPM_BACKEND(obj)); + + if (tpm_pt->tpm_fd >= 0) { + qemu_close(tpm_pt->tpm_fd); + } + if (tpm_pt->cancel_fd >= 0) { + qemu_close(tpm_pt->cancel_fd); + } + qapi_free_TPMPassthroughOptions(tpm_pt->options); +} + +static void tpm_passthrough_class_init(ObjectClass *klass, void *data) +{ + TPMBackendClass *tbc = TPM_BACKEND_CLASS(klass); + + tbc->type = TPM_TYPE_PASSTHROUGH; + tbc->opts = tpm_passthrough_cmdline_opts; + tbc->desc = "Passthrough TPM backend driver"; + tbc->create = tpm_passthrough_create; + tbc->startup_tpm = tpm_passthrough_startup_tpm; + tbc->reset = tpm_passthrough_reset; + tbc->cancel_cmd = tpm_passthrough_cancel_cmd; + tbc->get_tpm_established_flag = tpm_passthrough_get_tpm_established_flag; + tbc->reset_tpm_established_flag = + tpm_passthrough_reset_tpm_established_flag; + tbc->get_tpm_version = tpm_passthrough_get_tpm_version; + tbc->get_buffer_size = tpm_passthrough_get_buffer_size; + tbc->get_tpm_options = tpm_passthrough_get_tpm_options; + tbc->handle_request = tpm_passthrough_handle_request; +} + +static const TypeInfo tpm_passthrough_info = { + .name = TYPE_TPM_PASSTHROUGH, + .parent = TYPE_TPM_BACKEND, + .instance_size = sizeof(TPMPassthruState), + .class_init = tpm_passthrough_class_init, + .instance_init = tpm_passthrough_inst_init, + .instance_finalize = tpm_passthrough_inst_finalize, +}; + +static void tpm_passthrough_register(void) +{ + type_register_static(&tpm_passthrough_info); +} + +type_init(tpm_passthrough_register) diff --git a/backends/tpm/tpm_util.c b/backends/tpm/tpm_util.c new file mode 100644 index 000000000..a6e6d3e72 --- /dev/null +++ b/backends/tpm/tpm_util.c @@ -0,0 +1,369 @@ +/* + * TPM utility functions + * + * Copyright (c) 2010 - 2015 IBM Corporation + * Authors: + * Stefan Berger <stefanb@us.ibm.com> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see <http://www.gnu.org/licenses/> + */ + +#include "qemu/osdep.h" +#include "qemu/error-report.h" +#include "qapi/error.h" +#include "qapi/visitor.h" +#include "tpm_int.h" +#include "exec/memory.h" +#include "hw/qdev-properties.h" +#include "sysemu/tpm_backend.h" +#include "sysemu/tpm_util.h" +#include "trace.h" + +/* tpm backend property */ + +static void get_tpm(Object *obj, Visitor *v, const char *name, void *opaque, + Error **errp) +{ + TPMBackend **be = object_field_prop_ptr(obj, opaque); + char *p; + + p = g_strdup(*be ? (*be)->id : ""); + visit_type_str(v, name, &p, errp); + g_free(p); +} + +static void set_tpm(Object *obj, Visitor *v, const char *name, void *opaque, + Error **errp) +{ + Property *prop = opaque; + TPMBackend *s, **be = object_field_prop_ptr(obj, prop); + char *str; + + if (!visit_type_str(v, name, &str, errp)) { + return; + } + + s = qemu_find_tpm_be(str); + if (s == NULL) { + error_setg(errp, "Property '%s.%s' can't find value '%s'", + object_get_typename(obj), name, str); + } else if (tpm_backend_init(s, TPM_IF(obj), errp) == 0) { + *be = s; /* weak reference, avoid cyclic ref */ + } + g_free(str); +} + +static void release_tpm(Object *obj, const char *name, void *opaque) +{ + Property *prop = opaque; + TPMBackend **be = object_field_prop_ptr(obj, prop); + + if (*be) { + tpm_backend_reset(*be); + } +} + +const PropertyInfo qdev_prop_tpm = { + .name = "str", + .description = "ID of a tpm to use as a backend", + .get = get_tpm, + .set = set_tpm, + .release = release_tpm, +}; + +/* + * Write an error message in the given output buffer. + */ +void tpm_util_write_fatal_error_response(uint8_t *out, uint32_t out_len) +{ + if (out_len >= sizeof(struct tpm_resp_hdr)) { + tpm_cmd_set_tag(out, TPM_TAG_RSP_COMMAND); + tpm_cmd_set_size(out, sizeof(struct tpm_resp_hdr)); + tpm_cmd_set_error(out, TPM_FAIL); + } +} + +bool tpm_util_is_selftest(const uint8_t *in, uint32_t in_len) +{ + if (in_len >= sizeof(struct tpm_req_hdr)) { + return tpm_cmd_get_ordinal(in) == TPM_ORD_ContinueSelfTest; + } + + return false; +} + +/* + * Send request to a TPM device. We expect a response within one second. + */ +static int tpm_util_request(int fd, + const void *request, + size_t requestlen, + void *response, + size_t responselen) +{ + fd_set readfds; + int n; + struct timeval tv = { + .tv_sec = 1, + .tv_usec = 0, + }; + + n = write(fd, request, requestlen); + if (n < 0) { + return -errno; + } + if (n != requestlen) { + return -EFAULT; + } + + FD_ZERO(&readfds); + FD_SET(fd, &readfds); + + /* wait for a second */ + n = select(fd + 1, &readfds, NULL, NULL, &tv); + if (n != 1) { + return -errno; + } + + n = read(fd, response, responselen); + if (n < sizeof(struct tpm_resp_hdr)) { + return -EFAULT; + } + + /* check the header */ + if (tpm_cmd_get_size(response) != n) { + return -EMSGSIZE; + } + + return 0; +} + +/* + * A basic test of a TPM device. We expect a well formatted response header + * (error response is fine). + */ +static int tpm_util_test(int fd, + const void *request, + size_t requestlen, + uint16_t *return_tag) +{ + char buf[1024]; + ssize_t ret; + + ret = tpm_util_request(fd, request, requestlen, + buf, sizeof(buf)); + if (ret < 0) { + return ret; + } + + *return_tag = tpm_cmd_get_tag(buf); + + return 0; +} + +/* + * Probe for the TPM device in the back + * Returns 0 on success with the version of the probed TPM set, 1 on failure. + */ +int tpm_util_test_tpmdev(int tpm_fd, TPMVersion *tpm_version) +{ + /* + * Sending a TPM1.2 command to a TPM2 should return a TPM1.2 + * header (tag = 0xc4) and error code (TPM_BADTAG = 0x1e) + * + * Sending a TPM2 command to a TPM 2 will give a TPM 2 tag in the + * header. + * Sending a TPM2 command to a TPM 1.2 will give a TPM 1.2 tag + * in the header and an error code. + */ + const struct tpm_req_hdr test_req = { + .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), + .len = cpu_to_be32(sizeof(test_req)), + .ordinal = cpu_to_be32(TPM_ORD_GetTicks), + }; + + const struct tpm_req_hdr test_req_tpm2 = { + .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), + .len = cpu_to_be32(sizeof(test_req_tpm2)), + .ordinal = cpu_to_be32(TPM2_CC_ReadClock), + }; + uint16_t return_tag; + int ret; + + /* Send TPM 2 command */ + ret = tpm_util_test(tpm_fd, &test_req_tpm2, + sizeof(test_req_tpm2), &return_tag); + /* TPM 2 would respond with a tag of TPM2_ST_NO_SESSIONS */ + if (!ret && return_tag == TPM2_ST_NO_SESSIONS) { + *tpm_version = TPM_VERSION_2_0; + return 0; + } + + /* Send TPM 1.2 command */ + ret = tpm_util_test(tpm_fd, &test_req, + sizeof(test_req), &return_tag); + if (!ret && return_tag == TPM_TAG_RSP_COMMAND) { + *tpm_version = TPM_VERSION_1_2; + /* this is a TPM 1.2 */ + return 0; + } + + *tpm_version = TPM_VERSION_UNSPEC; + + return 1; +} + +int tpm_util_get_buffer_size(int tpm_fd, TPMVersion tpm_version, + size_t *buffersize) +{ + int ret; + + switch (tpm_version) { + case TPM_VERSION_1_2: { + const struct tpm_req_get_buffer_size { + struct tpm_req_hdr hdr; + uint32_t capability; + uint32_t len; + uint32_t subcap; + } QEMU_PACKED tpm_get_buffer_size = { + .hdr = { + .tag = cpu_to_be16(TPM_TAG_RQU_COMMAND), + .len = cpu_to_be32(sizeof(tpm_get_buffer_size)), + .ordinal = cpu_to_be32(TPM_ORD_GetCapability), + }, + .capability = cpu_to_be32(TPM_CAP_PROPERTY), + .len = cpu_to_be32(sizeof(uint32_t)), + .subcap = cpu_to_be32(TPM_CAP_PROP_INPUT_BUFFER), + }; + struct tpm_resp_get_buffer_size { + struct tpm_resp_hdr hdr; + uint32_t len; + uint32_t buffersize; + } QEMU_PACKED tpm_resp; + + ret = tpm_util_request(tpm_fd, &tpm_get_buffer_size, + sizeof(tpm_get_buffer_size), + &tpm_resp, sizeof(tpm_resp)); + if (ret < 0) { + return ret; + } + + if (be32_to_cpu(tpm_resp.hdr.len) != sizeof(tpm_resp) || + be32_to_cpu(tpm_resp.len) != sizeof(uint32_t)) { + trace_tpm_util_get_buffer_size_hdr_len( + be32_to_cpu(tpm_resp.hdr.len), + sizeof(tpm_resp)); + trace_tpm_util_get_buffer_size_len(be32_to_cpu(tpm_resp.len), + sizeof(uint32_t)); + error_report("tpm_util: Got unexpected response to " + "TPM_GetCapability; errcode: 0x%x", + be32_to_cpu(tpm_resp.hdr.errcode)); + return -EFAULT; + } + *buffersize = be32_to_cpu(tpm_resp.buffersize); + break; + } + case TPM_VERSION_2_0: { + const struct tpm2_req_get_buffer_size { + struct tpm_req_hdr hdr; + uint32_t capability; + uint32_t property; + uint32_t count; + } QEMU_PACKED tpm2_get_buffer_size = { + .hdr = { + .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), + .len = cpu_to_be32(sizeof(tpm2_get_buffer_size)), + .ordinal = cpu_to_be32(TPM2_CC_GetCapability), + }, + .capability = cpu_to_be32(TPM2_CAP_TPM_PROPERTIES), + .property = cpu_to_be32(TPM2_PT_MAX_COMMAND_SIZE), + .count = cpu_to_be32(2), /* also get TPM2_PT_MAX_RESPONSE_SIZE */ + }; + struct tpm2_resp_get_buffer_size { + struct tpm_resp_hdr hdr; + uint8_t more; + uint32_t capability; + uint32_t count; + uint32_t property1; + uint32_t value1; + uint32_t property2; + uint32_t value2; + } QEMU_PACKED tpm2_resp; + + ret = tpm_util_request(tpm_fd, &tpm2_get_buffer_size, + sizeof(tpm2_get_buffer_size), + &tpm2_resp, sizeof(tpm2_resp)); + if (ret < 0) { + return ret; + } + + if (be32_to_cpu(tpm2_resp.hdr.len) != sizeof(tpm2_resp) || + be32_to_cpu(tpm2_resp.count) != 2) { + trace_tpm_util_get_buffer_size_hdr_len2( + be32_to_cpu(tpm2_resp.hdr.len), + sizeof(tpm2_resp)); + trace_tpm_util_get_buffer_size_len2( + be32_to_cpu(tpm2_resp.count), 2); + error_report("tpm_util: Got unexpected response to " + "TPM2_GetCapability; errcode: 0x%x", + be32_to_cpu(tpm2_resp.hdr.errcode)); + return -EFAULT; + } + *buffersize = MAX(be32_to_cpu(tpm2_resp.value1), + be32_to_cpu(tpm2_resp.value2)); + break; + } + case TPM_VERSION_UNSPEC: + return -EFAULT; + } + + trace_tpm_util_get_buffer_size(*buffersize); + + return 0; +} + +void tpm_sized_buffer_reset(TPMSizedBuffer *tsb) +{ + g_free(tsb->buffer); + tsb->buffer = NULL; + tsb->size = 0; +} + +void tpm_util_show_buffer(const unsigned char *buffer, + size_t buffer_size, const char *string) +{ + size_t len, i; + char *line_buffer, *p; + + if (!trace_event_get_state_backends(TRACE_TPM_UTIL_SHOW_BUFFER)) { + return; + } + len = MIN(tpm_cmd_get_size(buffer), buffer_size); + + /* + * allocate enough room for 3 chars per buffer entry plus a + * newline after every 16 chars and a final null terminator. + */ + line_buffer = g_malloc(len * 3 + (len / 16) + 1); + + for (i = 0, p = line_buffer; i < len; i++) { + if (i && !(i % 16)) { + p += sprintf(p, "\n"); + } + p += sprintf(p, "%.2X ", buffer[i]); + } + trace_tpm_util_show_buffer(string, len, line_buffer); + + g_free(line_buffer); +} diff --git a/backends/tpm/trace-events b/backends/tpm/trace-events new file mode 100644 index 000000000..3298766dd --- /dev/null +++ b/backends/tpm/trace-events @@ -0,0 +1,33 @@ +# See docs/devel/tracing.rst for syntax documentation. + +# tpm_passthrough.c +tpm_passthrough_handle_request(void *cmd) "processing command %p" +tpm_passthrough_reset(void) "reset" + +# tpm_util.c +tpm_util_get_buffer_size_hdr_len(uint32_t len, size_t expected) "tpm_resp->hdr.len = %u, expected = %zu" +tpm_util_get_buffer_size_len(uint32_t len, size_t expected) "tpm_resp->len = %u, expected = %zu" +tpm_util_get_buffer_size_hdr_len2(uint32_t len, size_t expected) "tpm2_resp->hdr.len = %u, expected = %zu" +tpm_util_get_buffer_size_len2(uint32_t len, size_t expected) "tpm2_resp->len = %u, expected = %zu" +tpm_util_get_buffer_size(size_t len) "buffersize of device: %zu" +tpm_util_show_buffer(const char *direction, size_t len, const char *buf) "direction: %s len: %zu\n%s" + +# tpm_emulator.c +tpm_emulator_set_locality(uint8_t locty) "setting locality to %d" +tpm_emulator_handle_request(void) "processing TPM command" +tpm_emulator_probe_caps(uint64_t caps) "capabilities: 0x%"PRIx64 +tpm_emulator_set_buffer_size(uint32_t buffersize, uint32_t minsize, uint32_t maxsize) "buffer size: %u, min: %u, max: %u" +tpm_emulator_startup_tpm_resume(bool is_resume, size_t buffersize) "is_resume: %d, buffer size: %zu" +tpm_emulator_get_tpm_established_flag(uint8_t flag) "got established flag: %d" +tpm_emulator_cancel_cmd_not_supt(void) "Backend does not support CANCEL_TPM_CMD" +tpm_emulator_handle_device_opts_tpm12(void) "TPM Version 1.2" +tpm_emulator_handle_device_opts_tpm2(void) "TPM Version 2" +tpm_emulator_handle_device_opts_unspec(void) "TPM Version Unspecified" +tpm_emulator_handle_device_opts_startup_error(void) "Startup error" +tpm_emulator_get_state_blob(uint8_t type, uint32_t size, uint32_t flags) "got state blob type %d, %u bytes, flags 0x%08x" +tpm_emulator_set_state_blob(uint8_t type, uint32_t size, uint32_t flags) "set state blob type %d, %u bytes, flags 0x%08x" +tpm_emulator_set_state_blobs(void) "setting state blobs" +tpm_emulator_set_state_blobs_error(const char *msg) "error while setting state blobs: %s" +tpm_emulator_set_state_blobs_done(void) "Done setting state blobs" +tpm_emulator_pre_save(void) "" +tpm_emulator_inst_init(void) "" diff --git a/backends/tpm/trace.h b/backends/tpm/trace.h new file mode 100644 index 000000000..40c472988 --- /dev/null +++ b/backends/tpm/trace.h @@ -0,0 +1 @@ +#include "trace/trace-backends_tpm.h" diff --git a/backends/trace-events b/backends/trace-events new file mode 100644 index 000000000..652eb76a5 --- /dev/null +++ b/backends/trace-events @@ -0,0 +1,7 @@ +# See docs/devel/tracing.rst for syntax documentation. + +# dbus-vmstate.c +dbus_vmstate_pre_save(void) +dbus_vmstate_post_load(int version_id) "version_id: %d" +dbus_vmstate_loading(const char *id) "id: %s" +dbus_vmstate_saving(const char *id) "id: %s" diff --git a/backends/trace.h b/backends/trace.h new file mode 100644 index 000000000..77fe57f36 --- /dev/null +++ b/backends/trace.h @@ -0,0 +1 @@ +#include "trace/trace-backends.h" diff --git a/backends/vhost-user.c b/backends/vhost-user.c new file mode 100644 index 000000000..10b39992d --- /dev/null +++ b/backends/vhost-user.c @@ -0,0 +1,207 @@ +/* + * QEMU vhost-user backend + * + * Copyright (C) 2018 Red Hat Inc + * + * Authors: + * Marc-André Lureau <marcandre.lureau@redhat.com> + * + * This work is licensed under the terms of the GNU GPL, version 2 or later. + * See the COPYING file in the top-level directory. + */ + + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "qapi/qmp/qerror.h" +#include "qemu/error-report.h" +#include "qom/object_interfaces.h" +#include "sysemu/vhost-user-backend.h" +#include "sysemu/kvm.h" +#include "io/channel-command.h" +#include "hw/virtio/virtio-bus.h" + +static bool +ioeventfd_enabled(void) +{ + return kvm_enabled() && kvm_eventfds_enabled(); +} + +int +vhost_user_backend_dev_init(VhostUserBackend *b, VirtIODevice *vdev, + unsigned nvqs, Error **errp) +{ + int ret; + + assert(!b->vdev && vdev); + + if (!ioeventfd_enabled()) { + error_setg(errp, "vhost initialization failed: requires kvm"); + return -1; + } + + if (!vhost_user_init(&b->vhost_user, &b->chr, errp)) { + return -1; + } + + b->vdev = vdev; + b->dev.nvqs = nvqs; + b->dev.vqs = g_new0(struct vhost_virtqueue, nvqs); + + ret = vhost_dev_init(&b->dev, &b->vhost_user, VHOST_BACKEND_TYPE_USER, 0, + errp); + if (ret < 0) { + return -1; + } + + return 0; +} + +void +vhost_user_backend_start(VhostUserBackend *b) +{ + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(b->vdev))); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus); + int ret, i ; + + if (b->started) { + return; + } + + if (!k->set_guest_notifiers) { + error_report("binding does not support guest notifiers"); + return; + } + + ret = vhost_dev_enable_notifiers(&b->dev, b->vdev); + if (ret < 0) { + return; + } + + ret = k->set_guest_notifiers(qbus->parent, b->dev.nvqs, true); + if (ret < 0) { + error_report("Error binding guest notifier"); + goto err_host_notifiers; + } + + b->dev.acked_features = b->vdev->guest_features; + ret = vhost_dev_start(&b->dev, b->vdev); + if (ret < 0) { + error_report("Error start vhost dev"); + goto err_guest_notifiers; + } + + /* guest_notifier_mask/pending not used yet, so just unmask + * everything here. virtio-pci will do the right thing by + * enabling/disabling irqfd. + */ + for (i = 0; i < b->dev.nvqs; i++) { + vhost_virtqueue_mask(&b->dev, b->vdev, + b->dev.vq_index + i, false); + } + + b->started = true; + return; + +err_guest_notifiers: + k->set_guest_notifiers(qbus->parent, b->dev.nvqs, false); +err_host_notifiers: + vhost_dev_disable_notifiers(&b->dev, b->vdev); +} + +void +vhost_user_backend_stop(VhostUserBackend *b) +{ + BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(b->vdev))); + VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus); + int ret = 0; + + if (!b->started) { + return; + } + + vhost_dev_stop(&b->dev, b->vdev); + + if (k->set_guest_notifiers) { + ret = k->set_guest_notifiers(qbus->parent, + b->dev.nvqs, false); + if (ret < 0) { + error_report("vhost guest notifier cleanup failed: %d", ret); + } + } + assert(ret >= 0); + + vhost_dev_disable_notifiers(&b->dev, b->vdev); + b->started = false; +} + +static void set_chardev(Object *obj, const char *value, Error **errp) +{ + VhostUserBackend *b = VHOST_USER_BACKEND(obj); + Chardev *chr; + + if (b->completed) { + error_setg(errp, QERR_PERMISSION_DENIED); + return; + } + + g_free(b->chr_name); + b->chr_name = g_strdup(value); + + chr = qemu_chr_find(b->chr_name); + if (chr == NULL) { + error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND, + "Chardev '%s' not found", b->chr_name); + return; + } + + if (!qemu_chr_fe_init(&b->chr, chr, errp)) { + return; + } + + b->completed = true; + /* could call vhost_dev_init() so early message can be exchanged */ +} + +static char *get_chardev(Object *obj, Error **errp) +{ + VhostUserBackend *b = VHOST_USER_BACKEND(obj); + Chardev *chr = qemu_chr_fe_get_driver(&b->chr); + + if (chr && chr->label) { + return g_strdup(chr->label); + } + + return NULL; +} + +static void vhost_user_backend_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_str(oc, "chardev", get_chardev, set_chardev); +} + +static void vhost_user_backend_finalize(Object *obj) +{ + VhostUserBackend *b = VHOST_USER_BACKEND(obj); + + g_free(b->dev.vqs); + g_free(b->chr_name); + + vhost_user_cleanup(&b->vhost_user); + qemu_chr_fe_deinit(&b->chr, true); +} + +static const TypeInfo vhost_user_backend_info = { + .name = TYPE_VHOST_USER_BACKEND, + .parent = TYPE_OBJECT, + .instance_size = sizeof(VhostUserBackend), + .class_init = vhost_user_backend_class_init, + .instance_finalize = vhost_user_backend_finalize, +}; + +static void register_types(void) +{ + type_register_static(&vhost_user_backend_info); +} + +type_init(register_types); |