On 11/7/19 4:28 PM, Cornelia Huck wrote: > On Thu, 24 Oct 2019 07:40:25 -0400 > Janosch Frank wrote: > >> From: Vasily Gorbik >> >> Before being able to host protected virtual machines, donate some of >> the memory to the ultravisor. Besides that the ultravisor might impose >> addressing limitations for memory used to back protected VM storage. Treat >> that limit as protected virtualization host's virtual memory limit. >> >> Signed-off-by: Vasily Gorbik >> --- >> arch/s390/include/asm/uv.h | 16 ++++++++++++ >> arch/s390/kernel/setup.c | 3 +++ >> arch/s390/kernel/uv.c | 53 ++++++++++++++++++++++++++++++++++++++ >> 3 files changed, 72 insertions(+) > > (...) > >> diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c >> index 35ce89695509..f7778493e829 100644 >> --- a/arch/s390/kernel/uv.c >> +++ b/arch/s390/kernel/uv.c >> @@ -45,4 +45,57 @@ static int __init prot_virt_setup(char *val) >> return rc; >> } >> early_param("prot_virt", prot_virt_setup); >> + >> +static int __init uv_init(unsigned long stor_base, unsigned long stor_len) >> +{ >> + struct uv_cb_init uvcb = { >> + .header.cmd = UVC_CMD_INIT_UV, >> + .header.len = sizeof(uvcb), >> + .stor_origin = stor_base, >> + .stor_len = stor_len, >> + }; >> + int cc; >> + >> + cc = uv_call(0, (uint64_t)&uvcb); >> + if (cc || uvcb.header.rc != UVC_RC_EXECUTED) { >> + pr_err("Ultravisor init failed with cc: %d rc: 0x%hx\n", cc, >> + uvcb.header.rc); >> + return -1; > > Is there any reasonable case where that call might fail if we have the > facility installed? Bad stor_base, maybe? Yes, wrong storage locations, length, etc... Also if we are running with more than one CPU or the Ultravisor encountered some internal error. > >> + } >> + return 0; >> +} >> + >> +void __init setup_uv(void) >> +{ >> + unsigned long uv_stor_base; >> + >> + if (!prot_virt_host) >> + return; >> + >> + uv_stor_base = (unsigned long)memblock_alloc_try_nid( >> + uv_info.uv_base_stor_len, SZ_1M, SZ_2G, >> + MEMBLOCK_ALLOC_ACCESSIBLE, NUMA_NO_NODE); >> + if (!uv_stor_base) { >> + pr_info("Failed to reserve %lu bytes for ultravisor base storage\n", >> + uv_info.uv_base_stor_len); >> + goto fail; >> + } >> + >> + if (uv_init(uv_stor_base, uv_info.uv_base_stor_len)) { >> + memblock_free(uv_stor_base, uv_info.uv_base_stor_len); >> + goto fail; >> + } >> + >> + pr_info("Reserving %luMB as ultravisor base storage\n", >> + uv_info.uv_base_stor_len >> 20); >> + return; >> +fail: >> + prot_virt_host = 0; > > So, what happens if the user requested protected virtualization and any > of the above failed? We turn off host support, so any attempt to start > a protected virtualization guest on that host will fail (hopefully with > a meaningful error), I guess. > STFLE 161, and the associated diag308 subcodes 8-10 will not be available to any VM. So yes, the stuv that starts a protected guest will print a message. > Is there any use case where we'd want to make failure to set this up > fatal? Not really. > >> +} >> + >> +void adjust_to_uv_max(unsigned long *vmax) >> +{ >> + if (prot_virt_host && *vmax > uv_info.max_sec_stor_addr) >> + *vmax = uv_info.max_sec_stor_addr; >> +} >> #endif >