From: Claudio Carvalho <cclaudio@linux.ibm.com>
To: linuxppc-dev@ozlabs.org
Cc: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>,
Michael Anderson <andmike@linux.ibm.com>,
Ram Pai <linuxram@us.ibm.com>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
kvm-ppc@vger.kernel.org, Bharata B Rao <bharata@linux.ibm.com>,
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
Thiago Bauermann <bauermann@linux.ibm.com>,
Anshuman Khandual <khandual@linux.vnet.ibm.com>
Subject: [PATCH v3 0/9] kvmppc: Paravirtualize KVM to support ultravisor
Date: Thu, 6 Jun 2019 14:36:05 -0300 [thread overview]
Message-ID: <20190606173614.32090-1-cclaudio@linux.ibm.com> (raw)
POWER platforms that supports the Protected Execution Facility (PEF)
introduce features that combine hardware facilities and firmware to
enable secure virtual machines. That includes a new processor mode
(ultravisor mode) and the ultravisor firmware.
In PEF enabled systems, the ultravisor firmware runs at a privilege
level above the hypervisor and also takes control over some system
resources. The hypervisor, though, can make system calls to access these
resources. Such system calls, a.k.a. ucalls, are handled by the
ultravisor firmware.
The processor allows part of the system memory to be configured as
secure memory, and introduces a a new mode, called secure mode, where
any software entity in that mode can access secure memory. The
hypervisor doesn't (and can't) run in secure mode, but a secure guest
and the ultravisor firmware do.
This patch set adds support for ultravisor calls and do some preparation
for running secure guests.
---
Changelog:
---
v2->v3:
- Squashed patches:
"[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH v2 09/10] KVM: PPC: Book3S HV: Fixed for running secure guests"
- Renamed patch from/to:
"[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest
- Rebased
- Addressed comments from Paul Mackerras
- Dropped ultravisor checks made in power8 code
- Updated the commit message for:
"[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest"
- Addressed comments from Maddy
- Dropped imc-pmu.c changes
- Changed opal-imc.c to fail the probe when the ultravisor is enabled
- Fixed "ucall defined but not used" issue when CONFIG_PPC_UV not set
v1->v2:
- Addressed comments from Paul Mackerras:
- Write the pate in HV's table before doing that in UV's
- Renamed and better documented the ultravisor header files. Also added
all possible return codes for each ucall
- Updated the commit message that introduces the MSR_S bit
- Moved ultravisor.c and ucall.S to arch/powerpc/kernel
- Changed ucall.S to not save CR
- Rebased
- Changed the patches order
- Updated several commit messages
- Added FW_FEATURE_ULTRAVISOR to enable use of firmware_has_feature()
- Renamed CONFIG_PPC_KVM_UV to CONFIG_PPC_UV and used it to ifdef the ucall
handler and the code that populates the powerpc_firmware_features for
ultravisor
- Exported the ucall symbol. KVM may be built as module.
- Restricted LDBAR access if the ultravisor firmware is available
- Dropped patches:
"[PATCH 06/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_WRITE ucall"
"[PATCH 07/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_READ ucall"
"[PATCH 08/13] KVM: PPC: Ultravisor: fix mtspr and mfspr"
- Squashed patches:
"[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"
Anshuman Khandual (1):
KVM: PPC: Ultravisor: Add PPC_UV config option
Claudio Carvalho (2):
powerpc: Introduce FW_FEATURE_ULTRAVISOR
KVM: PPC: Ultravisor: Restrict LDBAR access
Michael Anderson (2):
KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE
KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr
Ram Pai (2):
KVM: PPC: Ultravisor: Add generic ultravisor call handler
KVM: PPC: Ultravisor: Restrict flush of the partition tlb cache
Sukadev Bhattiprolu (2):
KVM: PPC: Ultravisor: Introduce the MSR_S bit
KVM: PPC: Ultravisor: Enter a secure guest
arch/powerpc/Kconfig | 20 +++++++
arch/powerpc/include/asm/firmware.h | 5 +-
arch/powerpc/include/asm/kvm_host.h | 1 +
arch/powerpc/include/asm/reg.h | 3 ++
arch/powerpc/include/asm/ultravisor-api.h | 24 +++++++++
arch/powerpc/include/asm/ultravisor.h | 49 +++++++++++++++++
arch/powerpc/kernel/Makefile | 1 +
arch/powerpc/kernel/asm-offsets.c | 1 +
arch/powerpc/kernel/prom.c | 6 +++
arch/powerpc/kernel/ucall.S | 31 +++++++++++
arch/powerpc/kernel/ultravisor.c | 28 ++++++++++
arch/powerpc/kvm/book3s_64_mmu_hv.c | 1 +
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 39 +++++++++++---
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtable.c | 65 +++++++++++++++++------
arch/powerpc/mm/book3s64/radix_pgtable.c | 9 ++--
arch/powerpc/platforms/powernv/idle.c | 6 ++-
arch/powerpc/platforms/powernv/opal-imc.c | 7 +++
18 files changed, 269 insertions(+), 30 deletions(-)
create mode 100644 arch/powerpc/include/asm/ultravisor-api.h
create mode 100644 arch/powerpc/include/asm/ultravisor.h
create mode 100644 arch/powerpc/kernel/ucall.S
create mode 100644 arch/powerpc/kernel/ultravisor.c
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Claudio Carvalho <cclaudio@linux.ibm.com>
To: linuxppc-dev@ozlabs.org
Cc: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>,
Michael Anderson <andmike@linux.ibm.com>,
Ram Pai <linuxram@us.ibm.com>,
Claudio Carvalho <cclaudio@linux.ibm.com>,
kvm-ppc@vger.kernel.org, Bharata B Rao <bharata@linux.ibm.com>,
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
Thiago Bauermann <bauermann@linux.ibm.com>,
Anshuman Khandual <khandual@linux.vnet.ibm.com>
Subject: [PATCH v3 0/9] kvmppc: Paravirtualize KVM to support ultravisor
Date: Thu, 06 Jun 2019 17:36:05 +0000 [thread overview]
Message-ID: <20190606173614.32090-1-cclaudio@linux.ibm.com> (raw)
POWER platforms that supports the Protected Execution Facility (PEF)
introduce features that combine hardware facilities and firmware to
enable secure virtual machines. That includes a new processor mode
(ultravisor mode) and the ultravisor firmware.
In PEF enabled systems, the ultravisor firmware runs at a privilege
level above the hypervisor and also takes control over some system
resources. The hypervisor, though, can make system calls to access these
resources. Such system calls, a.k.a. ucalls, are handled by the
ultravisor firmware.
The processor allows part of the system memory to be configured as
secure memory, and introduces a a new mode, called secure mode, where
any software entity in that mode can access secure memory. The
hypervisor doesn't (and can't) run in secure mode, but a secure guest
and the ultravisor firmware do.
This patch set adds support for ultravisor calls and do some preparation
for running secure guests.
---
Changelog:
---
v2->v3:
- Squashed patches:
"[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH v2 09/10] KVM: PPC: Book3S HV: Fixed for running secure guests"
- Renamed patch from/to:
"[PATCH v2 08/10] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest
- Rebased
- Addressed comments from Paul Mackerras
- Dropped ultravisor checks made in power8 code
- Updated the commit message for:
"[PATCH v3 08/09] KVM: PPC: Ultravisor: Enter a secure guest"
- Addressed comments from Maddy
- Dropped imc-pmu.c changes
- Changed opal-imc.c to fail the probe when the ultravisor is enabled
- Fixed "ucall defined but not used" issue when CONFIG_PPC_UV not set
v1->v2:
- Addressed comments from Paul Mackerras:
- Write the pate in HV's table before doing that in UV's
- Renamed and better documented the ultravisor header files. Also added
all possible return codes for each ucall
- Updated the commit message that introduces the MSR_S bit
- Moved ultravisor.c and ucall.S to arch/powerpc/kernel
- Changed ucall.S to not save CR
- Rebased
- Changed the patches order
- Updated several commit messages
- Added FW_FEATURE_ULTRAVISOR to enable use of firmware_has_feature()
- Renamed CONFIG_PPC_KVM_UV to CONFIG_PPC_UV and used it to ifdef the ucall
handler and the code that populates the powerpc_firmware_features for
ultravisor
- Exported the ucall symbol. KVM may be built as module.
- Restricted LDBAR access if the ultravisor firmware is available
- Dropped patches:
"[PATCH 06/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_WRITE ucall"
"[PATCH 07/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_READ ucall"
"[PATCH 08/13] KVM: PPC: Ultravisor: fix mtspr and mfspr"
- Squashed patches:
"[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
"[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"
Anshuman Khandual (1):
KVM: PPC: Ultravisor: Add PPC_UV config option
Claudio Carvalho (2):
powerpc: Introduce FW_FEATURE_ULTRAVISOR
KVM: PPC: Ultravisor: Restrict LDBAR access
Michael Anderson (2):
KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE
KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr
Ram Pai (2):
KVM: PPC: Ultravisor: Add generic ultravisor call handler
KVM: PPC: Ultravisor: Restrict flush of the partition tlb cache
Sukadev Bhattiprolu (2):
KVM: PPC: Ultravisor: Introduce the MSR_S bit
KVM: PPC: Ultravisor: Enter a secure guest
arch/powerpc/Kconfig | 20 +++++++
arch/powerpc/include/asm/firmware.h | 5 +-
arch/powerpc/include/asm/kvm_host.h | 1 +
arch/powerpc/include/asm/reg.h | 3 ++
arch/powerpc/include/asm/ultravisor-api.h | 24 +++++++++
arch/powerpc/include/asm/ultravisor.h | 49 +++++++++++++++++
arch/powerpc/kernel/Makefile | 1 +
arch/powerpc/kernel/asm-offsets.c | 1 +
arch/powerpc/kernel/prom.c | 6 +++
arch/powerpc/kernel/ucall.S | 31 +++++++++++
arch/powerpc/kernel/ultravisor.c | 28 ++++++++++
arch/powerpc/kvm/book3s_64_mmu_hv.c | 1 +
arch/powerpc/kvm/book3s_hv_rmhandlers.S | 39 +++++++++++---
arch/powerpc/mm/book3s64/hash_utils.c | 3 +-
arch/powerpc/mm/book3s64/pgtable.c | 65 +++++++++++++++++------
arch/powerpc/mm/book3s64/radix_pgtable.c | 9 ++--
arch/powerpc/platforms/powernv/idle.c | 6 ++-
arch/powerpc/platforms/powernv/opal-imc.c | 7 +++
18 files changed, 269 insertions(+), 30 deletions(-)
create mode 100644 arch/powerpc/include/asm/ultravisor-api.h
create mode 100644 arch/powerpc/include/asm/ultravisor.h
create mode 100644 arch/powerpc/kernel/ucall.S
create mode 100644 arch/powerpc/kernel/ultravisor.c
--
2.20.1
next reply other threads:[~2019-06-06 17:49 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-06 17:36 Claudio Carvalho [this message]
2019-06-06 17:36 ` [PATCH v3 0/9] kvmppc: Paravirtualize KVM to support ultravisor Claudio Carvalho
2019-06-06 17:36 ` [PATCH v3 1/9] KVM: PPC: Ultravisor: Add PPC_UV config option Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-07 20:11 ` Leonardo Bras
2019-06-07 20:11 ` Leonardo Bras
2019-06-10 12:18 ` Claudio Carvalho
2019-06-10 12:18 ` Claudio Carvalho
2019-06-06 17:36 ` [PATCH v3 2/9] KVM: PPC: Ultravisor: Introduce the MSR_S bit Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-06 17:36 ` [PATCH v3 3/9] powerpc: Introduce FW_FEATURE_ULTRAVISOR Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-15 7:36 ` Paul Mackerras
2019-06-15 7:36 ` Paul Mackerras
2019-07-01 14:12 ` Claudio Carvalho
2019-07-01 14:12 ` Claudio Carvalho
2019-06-06 17:36 ` [PATCH v3 4/9] KVM: PPC: Ultravisor: Add generic ultravisor call handler Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-15 7:37 ` Paul Mackerras
2019-06-15 7:37 ` Paul Mackerras
2019-06-17 2:06 ` Paul Mackerras
2019-06-17 2:06 ` Paul Mackerras
2019-06-17 23:51 ` Ram Pai
2019-06-17 23:51 ` Ram Pai
2019-06-18 11:47 ` Segher Boessenkool
2019-06-18 11:47 ` Segher Boessenkool
2019-06-18 15:25 ` Ram Pai
2019-06-18 15:25 ` Ram Pai
2019-06-06 17:36 ` [PATCH v3 5/9] KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-15 7:38 ` Paul Mackerras
2019-06-15 7:38 ` Paul Mackerras
2019-06-06 17:36 ` [PATCH v3 6/9] KVM: PPC: Ultravisor: Restrict flush of the partition tlb cache Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-06 19:39 ` Murilo Opsfelder Araújo
2019-06-06 19:39 ` Murilo Opsfelder Araújo
2019-06-06 21:55 ` Paul Mackerras
2019-06-06 21:55 ` Paul Mackerras
2019-06-06 17:36 ` [PATCH v3 7/9] KVM: PPC: Ultravisor: Restrict LDBAR access Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-07 4:48 ` Madhavan Srinivasan
2019-06-07 4:48 ` Madhavan Srinivasan
2019-06-07 12:34 ` Claudio Carvalho
2019-06-07 12:34 ` Claudio Carvalho
2019-06-15 7:43 ` Paul Mackerras
2019-06-15 7:43 ` Paul Mackerras
2019-06-16 1:10 ` Ram Pai
2019-06-16 1:10 ` Ram Pai
2019-06-06 17:36 ` [PATCH v3 8/9] KVM: PPC: Ultravisor: Enter a secure guest Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-15 7:45 ` Paul Mackerras
2019-06-15 7:45 ` Paul Mackerras
2019-06-06 17:36 ` [PATCH v3 9/9] KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr Claudio Carvalho
2019-06-06 17:36 ` Claudio Carvalho
2019-06-15 7:47 ` Paul Mackerras
2019-06-15 7:47 ` Paul Mackerras
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190606173614.32090-1-cclaudio@linux.ibm.com \
--to=cclaudio@linux.ibm.com \
--cc=andmike@linux.ibm.com \
--cc=bauermann@linux.ibm.com \
--cc=bharata@linux.ibm.com \
--cc=khandual@linux.vnet.ibm.com \
--cc=kvm-ppc@vger.kernel.org \
--cc=linuxppc-dev@ozlabs.org \
--cc=linuxram@us.ibm.com \
--cc=maddy@linux.vnet.ibm.com \
--cc=sukadev@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.