From: Cornelia Huck <cohuck@redhat.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Janosch Frank <frankja@linux.vnet.ibm.com>,
KVM <kvm@vger.kernel.org>, David Hildenbrand <david@redhat.com>,
Thomas Huth <thuth@redhat.com>,
Ulrich Weigand <Ulrich.Weigand@de.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
linux-s390 <linux-s390@vger.kernel.org>,
Michael Mueller <mimu@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Janosch Frank <frankja@linux.ibm.com>
Subject: Re: [PATCH v4 36/36] KVM: s390: protvirt: Add KVM api documentation
Date: Tue, 25 Feb 2020 16:50:59 +0100
Message-ID: <20200225165059.5a2f48a5.cohuck@redhat.com>
In-Reply-To: <20200224114107.4646-37-borntraeger@de.ibm.com>

On Mon, 24 Feb 2020 06:41:07 -0500
Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> From: Janosch Frank <frankja@linux.ibm.com>
>
> Add documentation for KVM_CAP_S390_PROTECTED capability and the
> KVM_S390_PV_COMMAND ioctl.
>
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
> Documentation/virt/kvm/api.rst | 55 ++++++++++++++++++++++++++++++++++
> 1 file changed, 55 insertions(+)
>
> diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
> index 7505d7a6c0d8..20abb8b2594e 100644
> --- a/Documentation/virt/kvm/api.rst
> +++ b/Documentation/virt/kvm/api.rst
> @@ -4648,6 +4648,51 @@ the clear cpu reset definition in the POP. However, the cpu is not put
> into ESA mode. This reset is a superset of the initial reset.
>
>
> +4.125 KVM_S390_PV_COMMAND
> +-------------------------
> +
> +:Capability: KVM_CAP_S390_PROTECTED
> +:Architectures: s390
> +:Type: vm ioctl
> +:Parameters: struct kvm_pv_cmd
> +:Returns: 0 on success, < 0 on error
> +
> +::
> +
> + struct kvm_pv_cmd {
> + __u32 cmd; /* Command to be executed */
> + __u16 rc; /* Ultravisor return code */
> + __u16 rrc; /* Ultravisor return reason code */
> + __u64 data; /* Data or address */
> + __u32 flags; /* flags for future extensions. Must be 0 for now */
> + __u32 reserved[3];
> + };
> +
> +cmd values:
> +
> +KVM_PV_ENABLE
> + Allocate memory and register the VM with the Ultravisor, thereby
> + donating memory to the Ultravisor making it inaccessible to KVM.
> + Also converts all existing CPUs to protected ones. Future hotplug
> + CPUs will become protected during creation.
"Allocate memory and register the VM with the Ultravisor, thereby
donating memory to the Ultravisor that will become inaccessible to
KVM. All existing CPUs are converted to protected ones. After this
command has succeeded, any CPU added via hotplug will become protected
during its creation as well."
> +
> +KVM_PV_DISABLE
> + Deregisters the VM from the Ultravisor and frees memory that was
> + donated, so the kernel can use it again. All registered VCPUs are
> + converted back to non-protected ones.
"Deregister the VM from the Ultravisor and reclaim the memory that had
been donated to the Ultravisor, making it usable by the kernel again.
..."
> +
> +KVM_PV_VM_SET_SEC_PARMS
> + Pass the image header from VM memory to the Ultravisor in
> + preparation of image unpacking and verification.
> +
> +KVM_PV_VM_UNPACK
> + Unpack (protect and decrypt) a page of the encrypted boot image.
> +
> +KVM_PV_VM_VERIFY
> + Verify the integrity of the unpacked image. Only if this succeeds,
> + KVM is allowed to start protected VCPUs.
> +
> +
> 5. The kvm_run structure
> ========================
>
> @@ -6026,3 +6071,13 @@ Architectures: s390
>
> This capability indicates that the KVM_S390_NORMAL_RESET and
> KVM_S390_CLEAR_RESET ioctls are available.
> +
> +8.23 KVM_CAP_S390_PROTECTED
> +
> +Architecture: s390
> +
> +This capability indicates that KVM can start protected VMs and the
> +Ultravisor has therefore been initialized.
"This capability indicates that the Ultravisor has been initialized and
KVM can therefore start protected VMs."
> +This will provide the new KVM_S390_PV_COMMAND ioctl and it will allow
> +KVM_MP_STATE_LOAD as new MP_STATE. KVM_SET_MP_STATE can now fail for
> +protected guests when the state change is invalid.
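
Review bot: The new heading "8.23 KVM_CAP_S390_PROTECTED" is followed by a blank line and has no underline row, unlike "4.125 KVM_S390_PV_COMMAND" in the first hunk, so reStructuredText will treat it as an ordinary paragraph instead of a section title; add the underline directly below it. "Architecture: s390" is also plain text here, while the ioctl section uses the ":Architectures: s390" field form, so one of the two should be used consistently. The last paragraph should also say which KVM_SET_MP_STATE state changes count as invalid for a protected guest and which error userspace gets, because a caller cannot handle that failure from this text alone.
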
"This capability governs the KVM_S390_PV_COMMAND ioctl and the
KVM_MP_STATE_LOAD MP_STATE. KVM_SET_MP_STATE can fail for protected
guests when the state change is invalid."