From: Claudio Carvalho <cclaudio@linux.ibm.com> To: linuxppc-dev@ozlabs.org Cc: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>, Michael Anderson <andmike@linux.ibm.com>, Ram Pai <linuxram@us.ibm.com>, Claudio Carvalho <cclaudio@linux.ibm.com>, kvm-ppc@vger.kernel.org, Bharata B Rao <bharata@linux.ibm.com>, Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>, Thiago Bauermann <bauermann@linux.ibm.com>, Anshuman Khandual <khandual@linux.vnet.ibm.com> Subject: [PATCH v3 0/9] kvmppc: Paravirtualize KVM to support ultravisor Date: Thu, 6 Jun 2019 14:36:05 -0300 [thread overview] Message-ID: <20190606173614.32090-1-cclaudio@linux.ibm.com> (raw) POWER platforms that supports the Protected Execution Facility (PEF) introduce features that combine hardware facilities and firmware to enable secure virtual machines. That includes a new processor mode (ultravisor mode) and the ultravisor firmware. In PEF enabled systems, the ultravisor firmware runs at a privilege level above the hypervisor and also takes control over some system resources. The hypervisor, though, can make system calls to access these resources. Such system calls, a.k.a. ucalls, are handled by the ultravisor firmware. The processor allows part of the system memory to be configured as secure memory, and introduces a a new mode, called secure mode, where any software entity in that mode can access secure memory. The hypervisor doesn't (and can't) run in secure mode, but a secure guest and the ultravisor firmware do. This patch set adds support for ultravisor calls and do some preparation for running secure guests. --- Changelog: --- v2->v3: - Squashed patches: "[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM" "[PATCH v2 09/10] KVM: PPC: Book3S HV: Fixed for running secure guests" - Renamed patch from/to: "[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM" "[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest - Rebased - Addressed comments from Paul Mackerras - Dropped ultravisor checks made in power8 code - Updated the commit message for: "[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest" - Addressed comments from Maddy - Dropped imc-pmu.c changes - Changed opal-imc.c to fail the probe when the ultravisor is enabled - Fixed "ucall defined but not used" issue when CONFIG_PPC_UV not set v1->v2: - Addressed comments from Paul Mackerras: - Write the pate in HV's table before doing that in UV's - Renamed and better documented the ultravisor header files. Also added all possible return codes for each ucall - Updated the commit message that introduces the MSR_S bit - Moved ultravisor.c and ucall.S to arch/powerpc/kernel - Changed ucall.S to not save CR - Rebased - Changed the patches order - Updated several commit messages - Added FW_FEATURE_ULTRAVISOR to enable use of firmware_has_feature() - Renamed CONFIG_PPC_KVM_UV to CONFIG_PPC_UV and used it to ifdef the ucall handler and the code that populates the powerpc_firmware_features for ultravisor - Exported the ucall symbol. KVM may be built as module. - Restricted LDBAR access if the ultravisor firmware is available - Dropped patches: "[PATCH 06/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_WRITE ucall" "[PATCH 07/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_READ ucall" "[PATCH 08/13] KVM: PPC: Ultravisor: fix mtspr and mfspr" - Squashed patches: "[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM" "[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest" Anshuman Khandual (1): KVM: PPC: Ultravisor: Add PPC_UV config option Claudio Carvalho (2): powerpc: Introduce FW_FEATURE_ULTRAVISOR KVM: PPC: Ultravisor: Restrict LDBAR access Michael Anderson (2): KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr Ram Pai (2): KVM: PPC: Ultravisor: Add generic ultravisor call handler KVM: PPC: Ultravisor: Restrict flush of the partition tlb cache Sukadev Bhattiprolu (2): KVM: PPC: Ultravisor: Introduce the MSR_S bit KVM: PPC: Ultravisor: Enter a secure guest arch/powerpc/Kconfig | 20 +++++++ arch/powerpc/include/asm/firmware.h | 5 +- arch/powerpc/include/asm/kvm_host.h | 1 + arch/powerpc/include/asm/reg.h | 3 ++ arch/powerpc/include/asm/ultravisor-api.h | 24 +++++++++ arch/powerpc/include/asm/ultravisor.h | 49 +++++++++++++++++ arch/powerpc/kernel/Makefile | 1 + arch/powerpc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/prom.c | 6 +++ arch/powerpc/kernel/ucall.S | 31 +++++++++++ arch/powerpc/kernel/ultravisor.c | 28 ++++++++++ arch/powerpc/kvm/book3s_64_mmu_hv.c | 1 + arch/powerpc/kvm/book3s_hv_rmhandlers.S | 39 +++++++++++--- arch/powerpc/mm/book3s64/hash_utils.c | 3 +- arch/powerpc/mm/book3s64/pgtable.c | 65 +++++++++++++++++------ arch/powerpc/mm/book3s64/radix_pgtable.c | 9 ++-- arch/powerpc/platforms/powernv/idle.c | 6 ++- arch/powerpc/platforms/powernv/opal-imc.c | 7 +++ 18 files changed, 269 insertions(+), 30 deletions(-) create mode 100644 arch/powerpc/include/asm/ultravisor-api.h create mode 100644 arch/powerpc/include/asm/ultravisor.h create mode 100644 arch/powerpc/kernel/ucall.S create mode 100644 arch/powerpc/kernel/ultravisor.c -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Claudio Carvalho <cclaudio@linux.ibm.com> To: linuxppc-dev@ozlabs.org Cc: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>, Michael Anderson <andmike@linux.ibm.com>, Ram Pai <linuxram@us.ibm.com>, Claudio Carvalho <cclaudio@linux.ibm.com>, kvm-ppc@vger.kernel.org, Bharata B Rao <bharata@linux.ibm.com>, Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>, Thiago Bauermann <bauermann@linux.ibm.com>, Anshuman Khandual <khandual@linux.vnet.ibm.com> Subject: [PATCH v3 0/9] kvmppc: Paravirtualize KVM to support ultravisor Date: Thu, 06 Jun 2019 17:36:05 +0000 [thread overview] Message-ID: <20190606173614.32090-1-cclaudio@linux.ibm.com> (raw) POWER platforms that supports the Protected Execution Facility (PEF) introduce features that combine hardware facilities and firmware to enable secure virtual machines. That includes a new processor mode (ultravisor mode) and the ultravisor firmware. In PEF enabled systems, the ultravisor firmware runs at a privilege level above the hypervisor and also takes control over some system resources. The hypervisor, though, can make system calls to access these resources. Such system calls, a.k.a. ucalls, are handled by the ultravisor firmware. The processor allows part of the system memory to be configured as secure memory, and introduces a a new mode, called secure mode, where any software entity in that mode can access secure memory. The hypervisor doesn't (and can't) run in secure mode, but a secure guest and the ultravisor firmware do. This patch set adds support for ultravisor calls and do some preparation for running secure guests. --- Changelog: --- v2->v3: - Squashed patches: "[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM" "[PATCH v2 09/10] KVM: PPC: Book3S HV: Fixed for running secure guests" - Renamed patch from/to: "[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM" "[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest - Rebased - Addressed comments from Paul Mackerras - Dropped ultravisor checks made in power8 code - Updated the commit message for: "[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest" - Addressed comments from Maddy - Dropped imc-pmu.c changes - Changed opal-imc.c to fail the probe when the ultravisor is enabled - Fixed "ucall defined but not used" issue when CONFIG_PPC_UV not set v1->v2: - Addressed comments from Paul Mackerras: - Write the pate in HV's table before doing that in UV's - Renamed and better documented the ultravisor header files. Also added all possible return codes for each ucall - Updated the commit message that introduces the MSR_S bit - Moved ultravisor.c and ucall.S to arch/powerpc/kernel - Changed ucall.S to not save CR - Rebased - Changed the patches order - Updated several commit messages - Added FW_FEATURE_ULTRAVISOR to enable use of firmware_has_feature() - Renamed CONFIG_PPC_KVM_UV to CONFIG_PPC_UV and used it to ifdef the ucall handler and the code that populates the powerpc_firmware_features for ultravisor - Exported the ucall symbol. KVM may be built as module. - Restricted LDBAR access if the ultravisor firmware is available - Dropped patches: "[PATCH 06/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_WRITE ucall" "[PATCH 07/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_READ ucall" "[PATCH 08/13] KVM: PPC: Ultravisor: fix mtspr and mfspr" - Squashed patches: "[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM" "[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest" Anshuman Khandual (1): KVM: PPC: Ultravisor: Add PPC_UV config option Claudio Carvalho (2): powerpc: Introduce FW_FEATURE_ULTRAVISOR KVM: PPC: Ultravisor: Restrict LDBAR access Michael Anderson (2): KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr Ram Pai (2): KVM: PPC: Ultravisor: Add generic ultravisor call handler KVM: PPC: Ultravisor: Restrict flush of the partition tlb cache Sukadev Bhattiprolu (2): KVM: PPC: Ultravisor: Introduce the MSR_S bit KVM: PPC: Ultravisor: Enter a secure guest arch/powerpc/Kconfig | 20 +++++++ arch/powerpc/include/asm/firmware.h | 5 +- arch/powerpc/include/asm/kvm_host.h | 1 + arch/powerpc/include/asm/reg.h | 3 ++ arch/powerpc/include/asm/ultravisor-api.h | 24 +++++++++ arch/powerpc/include/asm/ultravisor.h | 49 +++++++++++++++++ arch/powerpc/kernel/Makefile | 1 + arch/powerpc/kernel/asm-offsets.c | 1 + arch/powerpc/kernel/prom.c | 6 +++ arch/powerpc/kernel/ucall.S | 31 +++++++++++ arch/powerpc/kernel/ultravisor.c | 28 ++++++++++ arch/powerpc/kvm/book3s_64_mmu_hv.c | 1 + arch/powerpc/kvm/book3s_hv_rmhandlers.S | 39 +++++++++++--- arch/powerpc/mm/book3s64/hash_utils.c | 3 +- arch/powerpc/mm/book3s64/pgtable.c | 65 +++++++++++++++++------ arch/powerpc/mm/book3s64/radix_pgtable.c | 9 ++-- arch/powerpc/platforms/powernv/idle.c | 6 ++- arch/powerpc/platforms/powernv/opal-imc.c | 7 +++ 18 files changed, 269 insertions(+), 30 deletions(-) create mode 100644 arch/powerpc/include/asm/ultravisor-api.h create mode 100644 arch/powerpc/include/asm/ultravisor.h create mode 100644 arch/powerpc/kernel/ucall.S create mode 100644 arch/powerpc/kernel/ultravisor.c -- 2.20.1
next reply other threads:[~2019-06-06 17:49 UTC|newest] Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-06-06 17:36 Claudio Carvalho [this message] 2019-06-06 17:36 ` [PATCH v3 0/9] kvmppc: Paravirtualize KVM to support ultravisor Claudio Carvalho 2019-06-06 17:36 ` [PATCH v3 1/9] KVM: PPC: Ultravisor: Add PPC_UV config option Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-07 20:11 ` Leonardo Bras 2019-06-07 20:11 ` Leonardo Bras 2019-06-10 12:18 ` Claudio Carvalho 2019-06-10 12:18 ` Claudio Carvalho 2019-06-06 17:36 ` [PATCH v3 2/9] KVM: PPC: Ultravisor: Introduce the MSR_S bit Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-06 17:36 ` [PATCH v3 3/9] powerpc: Introduce FW_FEATURE_ULTRAVISOR Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-15 7:36 ` Paul Mackerras 2019-06-15 7:36 ` Paul Mackerras 2019-07-01 14:12 ` Claudio Carvalho 2019-07-01 14:12 ` Claudio Carvalho 2019-06-06 17:36 ` [PATCH v3 4/9] KVM: PPC: Ultravisor: Add generic ultravisor call handler Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-15 7:37 ` Paul Mackerras 2019-06-15 7:37 ` Paul Mackerras 2019-06-17 2:06 ` Paul Mackerras 2019-06-17 2:06 ` Paul Mackerras 2019-06-17 23:51 ` Ram Pai 2019-06-17 23:51 ` Ram Pai 2019-06-18 11:47 ` Segher Boessenkool 2019-06-18 11:47 ` Segher Boessenkool 2019-06-18 15:25 ` Ram Pai 2019-06-18 15:25 ` Ram Pai 2019-06-06 17:36 ` [PATCH v3 5/9] KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-15 7:38 ` Paul Mackerras 2019-06-15 7:38 ` Paul Mackerras 2019-06-06 17:36 ` [PATCH v3 6/9] KVM: PPC: Ultravisor: Restrict flush of the partition tlb cache Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-06 19:39 ` Murilo Opsfelder Araújo 2019-06-06 19:39 ` Murilo Opsfelder Araújo 2019-06-06 21:55 ` Paul Mackerras 2019-06-06 21:55 ` Paul Mackerras 2019-06-06 17:36 ` [PATCH v3 7/9] KVM: PPC: Ultravisor: Restrict LDBAR access Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-07 4:48 ` Madhavan Srinivasan 2019-06-07 4:48 ` Madhavan Srinivasan 2019-06-07 12:34 ` Claudio Carvalho 2019-06-07 12:34 ` Claudio Carvalho 2019-06-15 7:43 ` Paul Mackerras 2019-06-15 7:43 ` Paul Mackerras 2019-06-16 1:10 ` Ram Pai 2019-06-16 1:10 ` Ram Pai 2019-06-06 17:36 ` [PATCH v3 8/9] KVM: PPC: Ultravisor: Enter a secure guest Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-15 7:45 ` Paul Mackerras 2019-06-15 7:45 ` Paul Mackerras 2019-06-06 17:36 ` [PATCH v3 9/9] KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr Claudio Carvalho 2019-06-06 17:36 ` Claudio Carvalho 2019-06-15 7:47 ` Paul Mackerras 2019-06-15 7:47 ` Paul Mackerras
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190606173614.32090-1-cclaudio@linux.ibm.com \ --to=cclaudio@linux.ibm.com \ --cc=andmike@linux.ibm.com \ --cc=bauermann@linux.ibm.com \ --cc=bharata@linux.ibm.com \ --cc=khandual@linux.vnet.ibm.com \ --cc=kvm-ppc@vger.kernel.org \ --cc=linuxppc-dev@ozlabs.org \ --cc=linuxram@us.ibm.com \ --cc=maddy@linux.vnet.ibm.com \ --cc=sukadev@linux.vnet.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.