public inbox for kvm@vger.kernel.org
From: Steffen Eiden <seiden@linux.ibm.com>
To: kvm@vger.kernel.org, linux-s390@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Viktor Mihajlovski <mihajlov@linux.ibm.com>
Cc: Janosch Frank <frankja@linux.ibm.com>,
	Claudio Imbrenda <imbrenda@linux.ibm.com>,
	Nico Boehr <nrb@linux.ibm.com>,
	Christian Borntraeger <borntraeger@linux.ibm.com>,
	Heiko Carstens <hca@linux.ibm.com>,
	Hendrik Brueckner <brueckner@linux.ibm.com>
Subject: [PATCH v3 0/6] s390/uvdevice: Expose secret UVCs
Date: Tue,  6 Jun 2023 13:37:30 +0200
Message-ID: <20230606113736.2934503-1-seiden@linux.ibm.com>

IBM Secure Execution guests may want to inject secrets into the Ultravisor (UV).
Also, they should be able to know which secrets the UV possesses and prevent the
further addition of more secrets.

Therefore, add three new Ultravisor-Calls and expose them via the uvdevice: Add
Secret, List Secrets, and Lock Secrets.  The uvdevice still acts as the
messenger only and does not inspect or modify the requests. Only some sanity
checks are made to prevent the kernel from corruption.
Also add a new IOCTL to get information about the supported UV-calls of the
uvdevice.  As userspace wants to know which secrets, types, etc. are supported,
expose the corresponding UV Query info data to userspace via sysfs.

The series contains:
  * A new info IOCTL, giving information about the capabilities of the uvdevice and UV
  * 3 patches adding new Ultravisor-Calls and exposing them to userspace
  * A patch replacing scnprintf with sysfs_emit in arch/s390/kernel/uv.c
  * A patch with an Ultravisor Query Info update for the new secret related information

Changes for v3:
  * misc nits from Janosch

Changes for v2:
  * use __set_bit instead of the atomic set_bit (Heiko)
  * add a patch for replacing scnprintf with sysfs_emit in arch/s390/kernel/uv.c (Heiko)
  * use scnprintf instead of sysfs_emit for the new sysfs entries in the last patch (Heiko)
  * use hex values in struct definitions (Claudio)

Steffen

Steffen Eiden (6):
  s390/uvdevice: Add info IOCTL
  s390/uvdevice: Add 'Add Secret' UVC
  s390/uvdevice: Add 'List Secrets' UVC
  s390/uvdevice: Add 'Lock Secret Store' UVC
  s390/uv: replace scnprintf with sysfs_emit
  s390/uv: Update query for secret-UVCs

 arch/s390/boot/uv.c                   |   4 +
 arch/s390/include/asm/uv.h            |  32 +++-
 arch/s390/include/uapi/asm/uvdevice.h |  53 +++++-
 arch/s390/kernel/uv.c                 |  94 +++++++----
 drivers/s390/char/uvdevice.c          | 225 +++++++++++++++++++++++++-
 5 files changed, 368 insertions(+), 40 deletions(-)

-- 
2.40.1


Thread overview: 12+ messages
2023-06-06 11:37 Steffen Eiden [this message]
2023-06-06 11:37 ` [PATCH v3 1/6] s390/uvdevice: Add info IOCTL Steffen Eiden
2023-06-06 13:33   ` Janosch Frank
2023-06-06 11:37 ` [PATCH v3 2/6] s390/uvdevice: Add 'Add Secret' UVC Steffen Eiden
2023-06-06 14:18   ` Janosch Frank
2023-06-06 11:37 ` [PATCH v3 3/6] s390/uvdevice: Add 'List Secrets' UVC Steffen Eiden
2023-06-06 11:37 ` [PATCH v3 4/6] s390/uvdevice: Add 'Lock Secret Store' UVC Steffen Eiden
2023-06-06 15:24   ` Janosch Frank
2023-06-06 11:37 ` [PATCH v3 5/6] s390/uv: replace scnprintf with sysfs_emit Steffen Eiden
2023-06-06 13:50   ` Janosch Frank
2023-06-06 11:37 ` [PATCH v3 6/6] s390/uv: Update query for secret-UVCs Steffen Eiden
2023-06-06 15:23   ` Janosch Frank
