From patchwork Thu Apr 21 11:18:16 2022
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 564314
From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 01/31] hw/arm/virt: Check for attempt to use TrustZone with KVM or HVF
Date: Thu, 21 Apr 2022 12:18:16 +0100
Message-Id: <20220421111846.2011565-2-peter.maydell@linaro.org>
In-Reply-To: <20220421111846.2011565-1-peter.maydell@linaro.org>
References: <20220421111846.2011565-1-peter.maydell@linaro.org>

It's not possible to provide the guest with the Security extensions
(TrustZone) when using KVM or HVF, because the hardware
virtualization extensions don't permit running EL3 guest code.
However, we weren't checking for this combination, with the result
that QEMU would assert if you tried it:

  $ qemu-system-aarch64 -enable-kvm -machine virt,secure=on -cpu host -display none
  Unexpected error in object_property_find_err() at ../../qom/object.c:1304:
  qemu-system-aarch64: Property 'host-arm-cpu.secure-memory' not found
  Aborted

Check for this combination of options and report an error, in the
same way we already do for attempts to give a KVM or HVF guest the
Virtualization or MTE extensions. Now we will report:

  qemu-system-aarch64: mach-virt: KVM does not support providing Security extensions (TrustZone) to the guest CPU

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/961
Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Message-id: 20220404155301.566542-1-peter.maydell@linaro.org --- hw/arm/virt.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 9284f7d28e6..bb6a2484d81 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -2048,6 +2048,13 @@ static void machvirt_init(MachineState *machine) exit(1); } + if (vms->secure && (kvm_enabled() || hvf_enabled())) { + error_report("mach-virt: %s does not support providing " + "Security extensions (TrustZone) to the guest CPU", + kvm_enabled() ? "KVM" : "HVF"); + exit(1); + } + if (vms->virt && (kvm_enabled() || hvf_enabled())) { error_report("mach-virt: %s does not support providing " "Virtualization extensions to the guest CPU",
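
Review bot: the added vms->secure check in machvirt_init() repeats both the (kvm_enabled() || hvf_enabled()) test and the kvm_enabled() ? "KVM" : "HVF" name selection that the vms->virt check directly below it already carries. Holding the accelerator name in one local variable, or moving the report into a small helper that takes the extension name, would keep these messages from drifting apart. The diffstat touches only hw/arm/virt.c, so nothing guards against the abort coming back; a test that starts the virt machine with secure=on under KVM and expects this error with exit status 1 would cover it. The visible context also does not show where the 'secure-memory' property from the commit message gets set, so it is worth confirming that this check runs before that code on every path.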