From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>,
Janosch Frank <frankja@linux.vnet.ibm.com>
Cc: KVM <kvm@vger.kernel.org>, Cornelia Huck <cohuck@redhat.com>,
David Hildenbrand <david@redhat.com>,
Thomas Huth <thuth@redhat.com>,
Ulrich Weigand <Ulrich.Weigand@de.ibm.com>,
Claudio Imbrenda <imbrenda@linux.ibm.com>,
Andrea Arcangeli <aarcange@redhat.com>,
linux-s390 <linux-s390@vger.kernel.org>,
Michael Mueller <mimu@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>
Subject: [PATCH 00/35] KVM: s390: Add support for protected VMs
Date: Fri, 7 Feb 2020 06:39:23 -0500
Message-ID: <20200207113958.7320-1-borntraeger@de.ibm.com>

Upfront: This series contains a "pretty small" common code memory
management change that will allow paging, guest backing with files etc
almost just like normal VMs. It should be a no-op for all architectures
not opting in. And it should be usable for others that also try to get
notified on "the pages are in the process of being used for things like
I/O"

I CCed linux-mm (and Andrew as mm maintainer and Andrea as he was
involved in some design discussions) on the first patch (common code
mm). I also added the CC to some other patches that make use of this
infrastructure or are dealing with arch-specific memory management.

The full patch queue is on the linux-s390 and kvm mailing list. It
would be good to get an ACK for this patch. I can then carry that via
the s390 tree.

Overview
--------
Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state
like guest memory and guest registers anymore. Instead the PVMs are
mostly managed by a new entity called Ultravisor (UV), which provides
an API, so KVM and the PV can request management actions.

PVMs are encrypted at rest and protected from hypervisor access while
running. They switch from a normal operation into protected mode, so
we can still use the standard boot process to load an encrypted blob
and then move it into protected mode.

Rebooting is only possible by passing through the unprotected/normal
mode and switching to protected again.

All patches are in the protvirtv3 branch of the korg s390 kvm git
https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/log/?h=protvirtv3

Claudio presented the technology at his presentation at KVM Forum
2019.
https://static.sched.com/hosted_files/kvmforum2019/3b/ibm_protected_vms_s390x.pdf

RFCv2 -> v1 (you can diff the protvirtv2 and the protvirtv3 branch)
- tons of review feedback integrated (see mail thread)
- memory management now complete and working
- Documentation patches merged
- interrupt patches merged
- CONFIG_KVM_S390_PROTECTED_VIRTUALIZATION_HOST removed
- SIDA interface integrated into memop
- for merged patches I removed reviews that were not in all patches

Christian Borntraeger (3):
  KVM: s390/mm: Make pages accessible before destroying the guest
  KVM: s390: protvirt: Add SCLP interrupt handling
  KVM: s390: protvirt: do not inject interrupts after start

Claudio Imbrenda (3):
  mm:gup/writeback: add callbacks for inaccessible pages
  s390/mm: provide memory management functions for protected KVM guests
  KVM: s390/mm: handle guest unpin events

Janosch Frank (23):
  KVM: s390: add new variants of UV CALL
  KVM: s390: protvirt: Add initial lifecycle handling
  KVM: s390: protvirt: Add KVM api documentation
  KVM: s390: protvirt: Secure memory is not mergeable
  KVM: s390: protvirt: Handle SE notification interceptions
  KVM: s390: protvirt: Instruction emulation
  KVM: s390: protvirt: Handle spec exception loops
  KVM: s390: protvirt: Add new gprs location handling
  KVM: S390: protvirt: Introduce instruction data area bounce buffer
  KVM: s390: protvirt: handle secure guest prefix pages
  KVM: s390: protvirt: Write sthyi data to instruction data area
  KVM: s390: protvirt: STSI handling
  KVM: s390: protvirt: disallow one_reg
  KVM: s390: protvirt: Only sync fmt4 registers
  KVM: s390: protvirt: Add program exception injection
  KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling
  KVM: s390: protvirt: UV calls diag308 0, 1
  KVM: s390: protvirt: Report CPU state to Ultravisor
  KVM: s390: protvirt: Support cmd 5 operation state
  KVM: s390: protvirt: Add UV debug trace
  KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and
    112
  KVM: s390: protvirt: Add UV cpu reset calls
  DOCUMENTATION: Protected virtual machine introduction and IPL

Michael Mueller (2):
  KVM: s390: protvirt: Add interruption injection controls
  KVM: s390: protvirt: Implement interruption injection

Ulrich Weigand (1):
  KVM: s390/interrupt: do not pin adapter interrupt pages

Vasily Gorbik (3):
  s390/protvirt: introduce host side setup
  s390/protvirt: add ultravisor initialization
  s390/mm: add (non)secure page access exceptions handlers

 .../admin-guide/kernel-parameters.txt   |   5 +
 Documentation/virt/kvm/api.txt          |  67 ++-
 Documentation/virt/kvm/index.rst        |   2 +
 Documentation/virt/kvm/s390-pv-boot.rst |  79 +++
 Documentation/virt/kvm/s390-pv.rst      | 116 +++++
 MAINTAINERS                             |   1 +
 arch/s390/boot/Makefile                 |   2 +-
 arch/s390/boot/uv.c                     |  21 +-
 arch/s390/include/asm/gmap.h            |   3 +
 arch/s390/include/asm/kvm_host.h        | 114 ++++-
 arch/s390/include/asm/mmu.h             |   2 +
 arch/s390/include/asm/mmu_context.h     |   1 +
 arch/s390/include/asm/page.h            |   5 +
 arch/s390/include/asm/pgtable.h         |  35 +-
 arch/s390/include/asm/uv.h              | 267 +++++++++-
 arch/s390/kernel/Makefile               |   1 +
 arch/s390/kernel/pgm_check.S            |   4 +-
 arch/s390/kernel/setup.c                |   7 +-
 arch/s390/kernel/uv.c                   | 274 ++++++++++
 arch/s390/kvm/Makefile                  |   2 +-
 arch/s390/kvm/diag.c                    |   1 +
 arch/s390/kvm/intercept.c               | 109 +++-
 arch/s390/kvm/interrupt.c               | 371 +++++++++++---
 arch/s390/kvm/kvm-s390.c                | 477 ++++++++++++++++--
 arch/s390/kvm/kvm-s390.h                |  39 ++
 arch/s390/kvm/priv.c                    |  11 +-
 arch/s390/kvm/pv.c                      | 292 +++++++++++
 arch/s390/mm/fault.c                    |  86 ++++
 arch/s390/mm/gmap.c                     |  65 ++-
 include/linux/gfp.h                     |   6 +
 include/uapi/linux/kvm.h                |  42 +-
 mm/gup.c                                |   2 +
 mm/page-writeback.c                     |   1 +
 33 files changed, 2325 insertions(+), 185 deletions(-)
 create mode 100644 Documentation/virt/kvm/s390-pv-boot.rst
 create mode 100644 Documentation/virt/kvm/s390-pv.rst
 create mode 100644 arch/s390/kernel/uv.c
 create mode 100644 arch/s390/kvm/pv.c

--
2.24.0