From: Janosch Frank <frankja@linux.ibm.com>
To: kvm@vger.kernel.org
Cc: linux-s390@vger.kernel.org, thuth@redhat.com, david@redhat.com,
borntraeger@de.ibm.com, imbrenda@linux.ibm.com,
mihajlov@linux.ibm.com, mimu@linux.ibm.com, cohuck@redhat.com,
gor@linux.ibm.com, frankja@linux.ibm.com
Subject: [RFC 00/37] KVM: s390: Add support for protected VMs
Date: Thu, 24 Oct 2019 07:40:22 -0400 [thread overview]
Message-ID: <20191024114059.102802-1-frankja@linux.ibm.com> (raw)
Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state
like guest memory and guest registers anymore. Instead the PVMs are
mostly managed by a new entity called Ultravisor (UV), which provides
an API, so KVM and the PV can request management actions.
PVMs are encrypted at rest and protected from hypervisor access while
running. They switch from a normal operation into protected mode, so
we can still use the standard boot process to load a encrypted blob
and then move it into protected mode.
Rebooting is only possible by passing through the unprotected/normal
mode and switching to protected again.
All patches are in the protvirt branch of the korg s390 kvm git.
Claudio will present the technology at his presentation at KVM Forum
2019.
Christian Borntraeger (1):
KVM: s390: protvirt: Add SCLP handling
Claudio Imbrenda (2):
KVM: s390: add missing include in gmap.h
KVM: s390: protvirt: Implement on-demand pinning
Janosch Frank (27):
DOCUMENTATION: protvirt: Protected virtual machine introduction
KVM: s390: protvirt: Add initial lifecycle handling
s390: KVM: Export PV handle to gmap
s390: UV: Add import and export to UV library
KVM: s390: protvirt: Secure memory is not mergeable
DOCUMENTATION: protvirt: Interrupt injection
KVM: s390: protvirt: Handle SE notification interceptions
DOCUMENTATION: protvirt: Instruction emulation
KVM: s390: protvirt: Handle spec exception loops
KVM: s390: protvirt: Add new gprs location handling
KVM: S390: protvirt: Introduce instruction data area bounce buffer
KVM: S390: protvirt: Instruction emulation
KVM: s390: protvirt: Make sure prefix is always protected
KVM: s390: protvirt: Write sthyi data to instruction data area
KVM: s390: protvirt: STSI handling
KVM: s390: protvirt: Only sync fmt4 registers
KVM: s390: protvirt: SIGP handling
KVM: s390: protvirt: Add program exception injection
KVM: s390: protvirt: Sync pv state
DOCUMENTATION: protvirt: Diag 308 IPL
KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling
KVM: s390: protvirt: UV calls diag308 0, 1
KVM: s390: Introduce VCPU reset IOCTL
KVM: s390: protvirt: Report CPU state to Ultravisor
KVM: s390: Fix cpu reset local IRQ clearing
KVM: s390: protvirt: Support cmd 5 operation state
KVM: s390: protvirt: Add UV debug trace
Michael Mueller (4):
KVM: s390: protvirt: Add interruption injection controls
KVM: s390: protvirt: Implement interruption injection
KVM: s390: protvirt: Add machine-check interruption injection controls
KVM: s390: protvirt: Implement machine-check interruption injection
Vasily Gorbik (3):
s390/protvirt: introduce host side setup
s390/protvirt: add ultravisor initialization
s390: add (non)secure page access exceptions handlers
.../admin-guide/kernel-parameters.txt | 5 +
Documentation/virtual/kvm/s390-pv-boot.txt | 62 +++
Documentation/virtual/kvm/s390-pv.txt | 97 ++++
arch/s390/boot/Makefile | 2 +-
arch/s390/boot/uv.c | 20 +-
arch/s390/include/asm/gmap.h | 4 +
arch/s390/include/asm/kvm_host.h | 103 +++-
arch/s390/include/asm/uv.h | 255 +++++++++-
arch/s390/include/uapi/asm/kvm.h | 5 +-
arch/s390/kernel/Makefile | 1 +
arch/s390/kernel/pgm_check.S | 4 +-
arch/s390/kernel/setup.c | 7 +-
arch/s390/kernel/uv.c | 121 +++++
arch/s390/kvm/Kconfig | 9 +
arch/s390/kvm/Makefile | 2 +-
arch/s390/kvm/diag.c | 7 +
arch/s390/kvm/intercept.c | 91 +++-
arch/s390/kvm/interrupt.c | 208 ++++++--
arch/s390/kvm/kvm-s390.c | 476 +++++++++++++++---
arch/s390/kvm/kvm-s390.h | 58 +++
arch/s390/kvm/priv.c | 9 +-
arch/s390/kvm/pv.c | 317 ++++++++++++
arch/s390/mm/fault.c | 64 +++
arch/s390/mm/gmap.c | 28 +-
include/uapi/linux/kvm.h | 42 ++
25 files changed, 1848 insertions(+), 149 deletions(-)
create mode 100644 Documentation/virtual/kvm/s390-pv-boot.txt
create mode 100644 Documentation/virtual/kvm/s390-pv.txt
create mode 100644 arch/s390/kernel/uv.c
create mode 100644 arch/s390/kvm/pv.c
--
2.20.1
next reply other threads:[~2019-10-24 11:41 UTC|newest]
Thread overview: 213+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-24 11:40 Janosch Frank [this message]
2019-10-24 11:40 ` [RFC 01/37] DOCUMENTATION: protvirt: Protected virtual machine introduction Janosch Frank
2019-11-01 8:18 ` Christian Borntraeger
2019-11-04 14:18 ` Cornelia Huck
2019-11-12 14:38 ` Janosch Frank
2019-10-24 11:40 ` [RFC 02/37] s390/protvirt: introduce host side setup Janosch Frank
2019-10-24 13:25 ` David Hildenbrand
2019-10-24 13:27 ` David Hildenbrand
2019-10-24 13:40 ` Christian Borntraeger
2019-10-24 15:52 ` David Hildenbrand
2019-10-24 16:30 ` Claudio Imbrenda
2019-10-24 16:54 ` David Hildenbrand
2019-10-28 14:54 ` Cornelia Huck
2019-10-28 20:20 ` Christian Borntraeger
2019-11-01 8:53 ` Christian Borntraeger
2019-11-04 14:26 ` Cornelia Huck
2019-11-12 14:47 ` Janosch Frank
2019-11-04 15:54 ` Cornelia Huck
2019-11-04 17:50 ` Christian Borntraeger
2019-11-05 9:26 ` Cornelia Huck
2019-11-08 12:14 ` Thomas Huth
2019-10-24 11:40 ` [RFC 03/37] s390/protvirt: add ultravisor initialization Janosch Frank
2019-10-25 9:21 ` David Hildenbrand
2019-10-28 15:48 ` Vasily Gorbik
2019-10-28 15:54 ` David Hildenbrand
2019-11-01 10:07 ` Christian Borntraeger
2019-11-07 15:28 ` Cornelia Huck
2019-11-07 15:32 ` Janosch Frank
2019-10-24 11:40 ` [RFC 04/37] KVM: s390: protvirt: Add initial lifecycle handling Janosch Frank
2019-10-25 8:58 ` David Hildenbrand
2019-10-25 9:02 ` David Hildenbrand
2019-11-04 8:18 ` Christian Borntraeger
2019-11-04 8:41 ` Janosch Frank
2019-11-07 16:29 ` Cornelia Huck
2019-11-08 7:36 ` Janosch Frank
2019-11-11 16:25 ` Cornelia Huck
2019-11-11 16:39 ` Janosch Frank
2019-11-11 16:54 ` Cornelia Huck
2019-11-13 10:05 ` Thomas Huth
2019-11-08 13:44 ` Thomas Huth
2019-11-13 10:28 ` Thomas Huth
2019-11-13 11:34 ` Janosch Frank
2019-11-13 14:03 ` [PATCH] Fix unpack Janosch Frank
2019-11-13 14:19 ` Thomas Huth
2019-11-13 14:36 ` Cornelia Huck
2019-11-13 11:48 ` [RFC 04/37] KVM: s390: protvirt: Add initial lifecycle handling Cornelia Huck
2019-10-24 11:40 ` [RFC 05/37] s390: KVM: Export PV handle to gmap Janosch Frank
2019-10-25 9:04 ` David Hildenbrand
2019-10-24 11:40 ` [RFC 06/37] s390: UV: Add import and export to UV library Janosch Frank
2019-10-25 8:31 ` David Hildenbrand
2019-10-25 8:39 ` Janosch Frank
2019-10-25 8:40 ` David Hildenbrand
2019-10-25 8:42 ` Janosch Frank
2019-11-01 11:26 ` Christian Borntraeger
2019-11-01 12:25 ` Janosch Frank
2019-11-01 12:39 ` Christian Borntraeger
2019-11-01 12:42 ` Christian Borntraeger
2019-11-11 16:40 ` Cornelia Huck
2019-11-11 16:56 ` Janosch Frank
2019-10-24 11:40 ` [RFC 07/37] KVM: s390: protvirt: Secure memory is not mergeable Janosch Frank
2019-10-24 16:07 ` David Hildenbrand
2019-10-24 16:33 ` Claudio Imbrenda
2019-10-24 16:49 ` David Hildenbrand
2019-10-25 7:18 ` Janosch Frank
2019-10-25 8:04 ` David Hildenbrand
2019-10-25 8:20 ` Janosch Frank
2019-10-25 7:46 ` David Hildenbrand
2019-10-25 8:24 ` [RFC v2] " Janosch Frank
2019-11-01 13:02 ` Christian Borntraeger
2019-11-04 14:32 ` David Hildenbrand
2019-11-04 14:36 ` Janosch Frank
2019-11-04 14:38 ` David Hildenbrand
2019-11-13 12:23 ` Thomas Huth
2019-11-13 15:54 ` Janosch Frank
2019-10-24 11:40 ` [RFC 08/37] KVM: s390: add missing include in gmap.h Janosch Frank
2019-10-25 8:24 ` David Hildenbrand
2019-11-13 12:27 ` Thomas Huth
2019-10-24 11:40 ` [RFC 09/37] KVM: s390: protvirt: Implement on-demand pinning Janosch Frank
2019-10-25 8:49 ` David Hildenbrand
2019-10-31 15:41 ` Christian Borntraeger
2019-10-31 17:30 ` David Hildenbrand
2019-10-31 20:57 ` Janosch Frank
2019-11-04 10:19 ` David Hildenbrand
2019-11-04 10:25 ` Janosch Frank
2019-11-04 10:27 ` David Hildenbrand
2019-11-04 13:58 ` Christian Borntraeger
2019-11-04 14:08 ` David Hildenbrand
2019-11-04 14:42 ` David Hildenbrand
2019-11-04 17:17 ` Cornelia Huck
2019-11-04 17:44 ` David Hildenbrand
2019-11-04 18:38 ` David Hildenbrand
2019-11-05 9:15 ` Cornelia Huck
2019-11-01 8:50 ` Claudio Imbrenda
2019-11-04 10:22 ` David Hildenbrand
2019-11-02 8:53 ` Christian Borntraeger
2019-11-04 14:17 ` David Hildenbrand
2019-10-24 11:40 ` [RFC 10/37] s390: add (non)secure page access exceptions handlers Janosch Frank
2019-10-24 11:40 ` [RFC 11/37] DOCUMENTATION: protvirt: Interrupt injection Janosch Frank
2019-11-14 13:09 ` Cornelia Huck
2019-11-14 13:25 ` Claudio Imbrenda
2019-11-14 13:47 ` Cornelia Huck
2019-11-14 16:33 ` Janosch Frank
2019-10-24 11:40 ` [RFC 12/37] KVM: s390: protvirt: Handle SE notification interceptions Janosch Frank
2019-10-30 15:50 ` David Hildenbrand
2019-10-30 17:58 ` Janosch Frank
2019-11-05 18:04 ` Cornelia Huck
2019-11-05 18:15 ` Christian Borntraeger
2019-11-05 18:37 ` Cornelia Huck
2019-10-24 11:40 ` [RFC 13/37] KVM: s390: protvirt: Add interruption injection controls Janosch Frank
2019-10-30 15:53 ` David Hildenbrand
2019-10-31 8:48 ` Michael Mueller
2019-10-31 9:15 ` David Hildenbrand
2019-10-31 12:10 ` Michael Mueller
2019-11-05 17:51 ` Cornelia Huck
2019-11-07 12:42 ` Michael Mueller
2019-11-14 11:48 ` Thomas Huth
2019-10-24 11:40 ` [RFC 14/37] KVM: s390: protvirt: Implement interruption injection Janosch Frank
2019-11-04 10:29 ` David Hildenbrand
2019-11-04 14:05 ` Christian Borntraeger
2019-11-04 14:23 ` David Hildenbrand
2019-11-14 12:07 ` Thomas Huth
2019-10-24 11:40 ` [RFC 15/37] KVM: s390: protvirt: Add machine-check interruption injection controls Janosch Frank
2019-11-13 14:49 ` Thomas Huth
2019-11-13 15:57 ` Michael Mueller
2019-10-24 11:40 ` [RFC 16/37] KVM: s390: protvirt: Implement machine-check interruption injection Janosch Frank
2019-11-05 18:11 ` Cornelia Huck
2019-10-24 11:40 ` [RFC 17/37] DOCUMENTATION: protvirt: Instruction emulation Janosch Frank
2019-11-14 15:15 ` Cornelia Huck
2019-11-14 15:20 ` Claudio Imbrenda
2019-11-14 15:41 ` Cornelia Huck
2019-11-14 15:55 ` Janosch Frank
2019-11-14 16:03 ` Cornelia Huck
2019-11-14 16:18 ` Janosch Frank
2019-10-24 11:40 ` [RFC 18/37] KVM: s390: protvirt: Handle spec exception loops Janosch Frank
2019-11-14 14:22 ` Thomas Huth
2019-10-24 11:40 ` [RFC 19/37] KVM: s390: protvirt: Add new gprs location handling Janosch Frank
2019-11-04 11:25 ` David Hildenbrand
2019-11-05 12:01 ` Christian Borntraeger
2019-11-05 12:39 ` Janosch Frank
2019-11-05 13:55 ` David Hildenbrand
2019-11-05 14:11 ` Janosch Frank
2019-11-05 14:18 ` David Hildenbrand
2019-11-14 14:46 ` Thomas Huth
2019-11-14 14:44 ` Thomas Huth
2019-11-14 15:56 ` Janosch Frank
2019-10-24 11:40 ` [RFC 20/37] KVM: S390: protvirt: Introduce instruction data area bounce buffer Janosch Frank
2019-11-14 15:36 ` Thomas Huth
2019-11-14 16:04 ` Janosch Frank
2019-11-14 16:21 ` [PATCH] Fixup sida bouncing Janosch Frank
2019-11-15 8:19 ` Thomas Huth
2019-11-15 8:50 ` Janosch Frank
2019-11-15 9:21 ` Thomas Huth
2019-10-24 11:40 ` [RFC 21/37] KVM: S390: protvirt: Instruction emulation Janosch Frank
2019-11-14 15:38 ` Cornelia Huck
2019-11-14 16:00 ` Janosch Frank
2019-11-14 16:05 ` Cornelia Huck
2019-10-24 11:40 ` [RFC 22/37] KVM: s390: protvirt: Add SCLP handling Janosch Frank
2019-10-24 11:40 ` [RFC 23/37] KVM: s390: protvirt: Make sure prefix is always protected Janosch Frank
2019-11-18 16:39 ` Cornelia Huck
2019-11-19 8:11 ` Janosch Frank
2019-11-19 9:45 ` Cornelia Huck
2019-11-19 10:08 ` Janosch Frank
2019-11-19 10:18 ` David Hildenbrand
2019-11-19 11:36 ` Janosch Frank
2019-10-24 11:40 ` [RFC 24/37] KVM: s390: protvirt: Write sthyi data to instruction data area Janosch Frank
2019-11-15 8:04 ` Thomas Huth
2019-11-15 10:16 ` Janosch Frank
2019-11-15 10:21 ` Thomas Huth
2019-11-15 12:17 ` [PATCH] SIDAD macro fixup Janosch Frank
2019-10-24 11:40 ` [RFC 25/37] KVM: s390: protvirt: STSI handling Janosch Frank
2019-11-15 8:27 ` Thomas Huth
2019-10-24 11:40 ` [RFC 26/37] KVM: s390: protvirt: Only sync fmt4 registers Janosch Frank
2019-11-15 9:02 ` Thomas Huth
2019-11-15 10:01 ` Janosch Frank
2019-10-24 11:40 ` [RFC 27/37] KVM: s390: protvirt: SIGP handling Janosch Frank
2019-10-30 18:29 ` David Hildenbrand
2019-11-15 11:15 ` Thomas Huth
2019-10-24 11:40 ` [RFC 28/37] KVM: s390: protvirt: Add program exception injection Janosch Frank
2019-10-24 11:40 ` [RFC 29/37] KVM: s390: protvirt: Sync pv state Janosch Frank
2019-11-15 9:36 ` Thomas Huth
2019-11-15 9:59 ` Janosch Frank
2019-10-24 11:40 ` [RFC 30/37] DOCUMENTATION: protvirt: Diag 308 IPL Janosch Frank
2019-11-06 16:48 ` Cornelia Huck
2019-11-06 17:05 ` Janosch Frank
2019-11-06 17:37 ` Cornelia Huck
2019-11-06 21:02 ` Janosch Frank
2019-11-07 8:53 ` Cornelia Huck
2019-11-07 8:59 ` Janosch Frank
2019-10-24 11:40 ` [RFC 31/37] KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling Janosch Frank
2019-11-15 10:04 ` Thomas Huth
2019-11-15 10:20 ` Janosch Frank
2019-11-15 10:27 ` Thomas Huth
2019-11-15 11:29 ` Janosch Frank
2019-10-24 11:40 ` [RFC 32/37] KVM: s390: protvirt: UV calls diag308 0, 1 Janosch Frank
2019-11-15 10:07 ` Thomas Huth
2019-11-15 11:39 ` Janosch Frank
2019-11-15 13:30 ` Thomas Huth
2019-11-15 14:08 ` Janosch Frank
2019-10-24 11:40 ` [RFC 33/37] KVM: s390: Introduce VCPU reset IOCTL Janosch Frank
2019-11-15 10:47 ` Thomas Huth
2019-11-15 13:06 ` Janosch Frank
2019-11-15 13:18 ` Thomas Huth
2019-10-24 11:40 ` [RFC 34/37] KVM: s390: protvirt: Report CPU state to Ultravisor Janosch Frank
2019-10-24 11:40 ` [RFC 35/37] KVM: s390: Fix cpu reset local IRQ clearing Janosch Frank
2019-11-15 11:23 ` Thomas Huth
2019-11-15 11:37 ` Janosch Frank
2019-10-24 11:40 ` [RFC 36/37] KVM: s390: protvirt: Support cmd 5 operation state Janosch Frank
2019-11-15 11:25 ` Thomas Huth
2019-11-18 17:38 ` Cornelia Huck
2019-11-19 8:13 ` Janosch Frank
2019-11-19 10:23 ` Cornelia Huck
2019-11-19 11:40 ` Janosch Frank
2019-10-24 11:40 ` [RFC 37/37] KVM: s390: protvirt: Add UV debug trace Janosch Frank
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191024114059.102802-1-frankja@linux.ibm.com \
--to=frankja@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=gor@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mihajlov@linux.ibm.com \
--cc=mimu@linux.ibm.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.