Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-4.2-20190821' into staging

/* An X_MASK with the RA and RB fields fixed.  */

#define XRARB_MASK (X_MASK | RA_MASK | RB_MASK)

/* An X form instruction with the RA field fixed.  */

#define XRA(op, xop, ra) (X((op), (xop)) | (((ra) << 16) & XRA_MASK))

/* An XRARB_MASK, but with the L bit clear.  */

#define XRLARB_MASK (XRARB_MASK & ~((unsigned long) 1 << 16))

{ "ddivq",   XRC(63,546,0), X_MASK,	POWER6,		{ FRT, FRA, FRB } },

{ "ddivq.",  XRC(63,546,1), X_MASK,	POWER6,		{ FRT, FRA, FRB } },

{ "mffsl",   XRA(63,583,12), XRARB_MASK,	POWER9,	{ FRT } },

{ "mffs",    XRC(63,583,0), XRARB_MASK,	COM,		{ FRT } },

{ "mffs.",   XRC(63,583,1), XRARB_MASK,	COM,		{ FRT } },

On PPC64 systems supporting Protected Execution Facility (PEF), system

memory can be placed in a secured region where only an "ultravisor"

running in firmware can provide to access it. pseries guests on such

systems can communicate with the ultravisor (via ultracalls) to switch to a

secure VM mode (SVM) where the guest's memory is relocated to this secured

region, making its memory inaccessible to normal processes/guests running on

the host.

The various ultracalls/hypercalls relating to SVM mode are currently

only documented internally, but are planned for direct inclusion into the

public OpenPOWER version of the PAPR specification (LoPAPR/LoPAR). An internal

ACR has been filed to reserve a hypercall number range specific to this

use-case to avoid any future conflicts with the internally-maintained PAPR

specification. This document summarizes some of these details as they relate

to QEMU.

== hypercalls needed by the ultravisor ==

Switching to SVM mode involves a number of hcalls issued by the ultravisor

to the hypervisor to orchestrate the movement of guest memory to secure

memory and various other aspects SVM mode. Numbers are assigned for these

hcalls within the reserved range 0xEF00-0xEF80. The below documents the

hcalls relevant to QEMU.

- H_TPM_COMM (0xef10)

  For TPM_COMM_OP_EXECUTE operation:

    Send a request to a TPM and receive a response, opening a new TPM session

    if one has not already been opened.

  For TPM_COMM_OP_CLOSE_SESSION operation:

    Close the existing TPM session, if any.

  Arguments:

    r3 : H_TPM_COMM (0xef10)

    r4 : TPM operation, one of:

         TPM_COMM_OP_EXECUTE (0x1)

         TPM_COMM_OP_CLOSE_SESSION (0x2)

    r5 : in_buffer, guest physical address of buffer containing the request

         - Caller may use the same address for both request and response

    r6 : in_size, size of the in buffer

         - Must be less than or equal to 4KB

    r7 : out_buffer, guest physical address of buffer to store the response

         - Caller may use the same address for both request and response

    r8 : out_size, size of the out buffer

         - Must be at least 4KB, as this is the maximum request/response size

           supported by most TPM implementations, including the TPM Resource

           Manager in the linux kernel.

  Return values:

    r3 : H_Success    request processed successfully

         H_PARAMETER  invalid TPM operation

         H_P2         in_buffer is invalid

         H_P3         in_size is invalid

         H_P4         out_buffer is invalid

         H_P5         out_size is invalid

         H_RESOURCE   problem communicating with TPM

         H_FUNCTION   TPM access is not currently allowed/configured

    r4 : For TPM_COMM_OP_EXECUTE, the size of the response will be stored here

         upon success.

  Use-case/notes:

    SVM filesystems are encrypted using a symmetric key. This key is then

    wrapped/encrypted using the public key of a trusted system which has the

    private key stored in the system's TPM. An Ultravisor will use this

    hcall to unwrap/unseal the symmetric key using the system's TPM device

    or a TPM Resource Manager associated with the device.

    The Ultravisor sets up a separate session key with the TPM in advance

    during host system boot. All sensitive in and out values will be

    encrypted using the session key. Though the hypervisor will see the 'in'

    and 'out' buffers in raw form, any sensitive contents will generally be

    encrypted using this session key.

}

type_init(machvirt_machine_init);

static void virt_machine_4_2_options(MachineClass *mc)

{

}

DEFINE_VIRT_MACHINE_AS_LATEST(4, 2)

static void virt_machine_4_1_options(MachineClass *mc)

{

    virt_machine_4_2_options(mc);

    compat_props_add(mc->compat_props, hw_compat_4_1, hw_compat_4_1_len);

}

DEFINE_VIRT_MACHINE_AS_LATEST(4, 1)

DEFINE_VIRT_MACHINE(4, 1)

static void virt_machine_4_0_options(MachineClass *mc)

{

    int n = 0;

    while ((n < max) && (dev->out != dev->in)) {

        buf[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];

        /* PowerVM's vty implementation has a bug where it inserts a

         * \0 after every \r going to the guest.  Existing guests have

         * a workaround for this which removes every \0 immediately

         * following a \r, so here we make ourselves bug-for-bug

         * compatible, so that the guest won't drop a real \0-after-\r

         * that happens to occur in a binary stream. */

        if (buf[n - 1] == '\r') {

            if (n < max) {

                buf[n++] = '\0';

            } else {

                /* No room for the extra \0, roll back and try again

                 * next time */

                dev->out--;

                n--;

        /*

         * Long ago, PowerVM's vty implementation had a bug where it

         * inserted a \0 after every \r going to the guest.  Existing

         * guests have a workaround for this which removes every \0

         * immediately following a \r.  To avoid triggering this

         * workaround, we stop before inserting a \0 if the preceding

         * character in the output buffer is a \r.

         */

        if (n > 0 && (buf[n - 1] == '\r') &&

                (dev->buf[dev->out % VTERM_BUFSIZE] == '\0')) {

            break;

        }

        }

        buf[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];

    }

    qemu_chr_fe_accept_input(&dev->chardev);

#include "hw/pci/pci.h"

#include "hw/mem/nvdimm.h"

GlobalProperty hw_compat_4_1[] = {};

const size_t hw_compat_4_1_len = G_N_ELEMENTS(hw_compat_4_1);

GlobalProperty hw_compat_4_0[] = {

    { "VGA",            "edid", "false" },

    { "secondary-vga",  "edid", "false" },