master

分支 (22)

标签 (16)

管理

管理

master

openEuler-22.03-LTS

openEuler-22.03-LTS-Next

openEuler-22.03-LTS-SP3

openEuler-22.03-LTS-SP2

openEuler-22.03-LTS-SP1

openEuler-23.09

openEuler-20.03-LTS-SP1

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP4

openEuler-23.03

openEuler-22.09

openEuler-20.03-LTS-Next

openEuler-20.03-LTS

openEuler-20.03-LTS-SP2

openEuler-21.09

openEuler-21.03

openEuler-20.09

riscv

riscv-tmp

openEuler-23.09-rc5

openEuler-22.03-LTS-SP1-release

openEuler-22.09-release

openEuler-22.09-rc5

openEuler-22.09-20220829

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

qemu
/
hw-arm-virt-Check-for-attempt-to-use-...

From fd9cd16407e9d98807c631521ff1fcb83bfefac4 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Mon, 21 Aug 2023 06:21:27 +0000
Subject: [PATCH] hw/arm/virt: Check for attempt to use TrustZone  with KVM or
 HVF mainline inclusion commit 78255ce392dc8596f9886476ad1e5c3c67f1c10a
 category: bugfix

---------------------------------------------------------------

It's not possible to provide the guest with the Security extensions
(TrustZone) when using KVM or HVF, because the hardware
virtualization extensions don't permit running EL3 guest code.
However, we weren't checking for this combination, with the result
that QEMU would assert if you tried it:

$ qemu-system-aarch64 -enable-kvm -machine virt,secure=on -cpu host -display none
Unexpected error in object_property_find_err() at ../../qom/object.c:1304:
qemu-system-aarch64: Property 'host-arm-cpu.secure-memory' not found
Aborted

Check for this combination of options and report an error, in the
same way we already do for attempts to give a KVM or HVF guest the
Virtualization or MTE extensions. Now we will report:

qemu-system-aarch64: mach-virt: KVM does not support providing Security extensions (TrustZone) to the guest CPU

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/961
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220404155301.566542-1-peter.maydell@linaro.org

Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
 hw/arm/virt.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 4c876fcf16..93554cccf1 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2097,6 +2097,13 @@ static void machvirt_init(MachineState *machine)
         exit(1);
     }

+    if (vms->secure && (kvm_enabled() || hvf_enabled())) {
+        error_report("mach-virt: %s does not support providing "
+                     "Security extensions (TrustZone) to the guest CPU",
+                     kvm_enabled() ? "KVM" : "HVF");
+        exit(1);
+    }
+
     if (vms->virt && (kvm_enabled() || hvf_enabled())) {
         error_report("mach-virt: %s does not support providing "
                      "Virtualization extensions to the guest CPU",
--
2.41.0.windows.1