From: Janosch Frank <frankja@linux.ibm.com>
To: Cornelia Huck <cohuck@redhat.com>
Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org,
thuth@redhat.com, david@redhat.com, borntraeger@de.ibm.com,
imbrenda@linux.ibm.com, mihajlov@linux.ibm.com,
mimu@linux.ibm.com, gor@linux.ibm.com
Subject: Re: [RFC 30/37] DOCUMENTATION: protvirt: Diag 308 IPL
Date: Thu, 7 Nov 2019 09:59:49 +0100 [thread overview]
Message-ID: <be94339f-90cf-3ce9-aaec-f6031dc11aeb@linux.ibm.com> (raw)
In-Reply-To: <20191107095323.0ede44b5.cohuck@redhat.com>
[-- Attachment #1.1: Type: text/plain, Size: 2312 bytes --]
On 11/7/19 9:53 AM, Cornelia Huck wrote:
> On Wed, 6 Nov 2019 22:02:41 +0100
> Janosch Frank <frankja@linux.ibm.com> wrote:
>
>> On 11/6/19 6:37 PM, Cornelia Huck wrote:
>>> On Wed, 6 Nov 2019 18:05:22 +0100
>>> Janosch Frank <frankja@linux.ibm.com> wrote:
>>>
>>>> On 11/6/19 5:48 PM, Cornelia Huck wrote:
>>>>> On Thu, 24 Oct 2019 07:40:52 -0400
>>>>> Janosch Frank <frankja@linux.ibm.com> wrote:
>>>>>
>>>>>> Description of changes that are necessary to move a KVM VM into
>>>>>> Protected Virtualization mode.
>>>>>>
>>>>>> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
>>>>>> ---
>>>>>> Documentation/virtual/kvm/s390-pv-boot.txt | 62 ++++++++++++++++++++++
>>>>>> 1 file changed, 62 insertions(+)
>>>>>> create mode 100644 Documentation/virtual/kvm/s390-pv-boot.txt
>>>
>>>>> So... what do we IPL from? Is there still a need for the bios?
>>>>>
>>>>> (Sorry, I'm a bit confused here.)
>>>>>
>>>>
>>>> We load a blob via the bios (all methods are supported) and that blob
>>>> moves itself into protected mode. I.e. it has a small unprotected stub,
>>>> the rest is an encrypted kernel.
>>>>
>>>
>>> Ok. The magic is in the loaded kernel, and we don't need modifications
>>> to the bios?
>>>
>>
>> Yes.
>>
>> The order is:
>> * We load a blob via the bios or direct kernel boot.
>> * That blob consists of a small stub, a header and an encrypted blob
>> glued together
>> * The small stub does the diag 308 subcode 8 and 10.
>> * Subcode 8 basically passes the header that describes the encrypted
>> blob to the Ultravisor (well rather registers it with qemu to pass on later)
>> * Subcode 10 tells QEMU to move the VM into protected mode
>> * A lot of APIs in KVM and the Ultravisor are called
>> * The protected VM starts
>> * A memory mover copies the now unencrypted, but protected kernel to its
>> intended place and jumps into the entry function
>> * Linux boots and detects, that it is protected and needs to use bounce
>> buffers
>>
>
> Thanks, this explanation makes things much clearer.
NP
We seem to assume that all of this is easily understandable, but we are
obviously biased :-)
I'll try to improve Documentation by adding Pierre to the discussion, as
he wasn't involved in the project yet.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2019-11-07 9:00 UTC|newest]
Thread overview: 213+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-24 11:40 [RFC 00/37] KVM: s390: Add support for protected VMs Janosch Frank
2019-10-24 11:40 ` [RFC 01/37] DOCUMENTATION: protvirt: Protected virtual machine introduction Janosch Frank
2019-11-01 8:18 ` Christian Borntraeger
2019-11-04 14:18 ` Cornelia Huck
2019-11-12 14:38 ` Janosch Frank
2019-10-24 11:40 ` [RFC 02/37] s390/protvirt: introduce host side setup Janosch Frank
2019-10-24 13:25 ` David Hildenbrand
2019-10-24 13:27 ` David Hildenbrand
2019-10-24 13:40 ` Christian Borntraeger
2019-10-24 15:52 ` David Hildenbrand
2019-10-24 16:30 ` Claudio Imbrenda
2019-10-24 16:54 ` David Hildenbrand
2019-10-28 14:54 ` Cornelia Huck
2019-10-28 20:20 ` Christian Borntraeger
2019-11-01 8:53 ` Christian Borntraeger
2019-11-04 14:26 ` Cornelia Huck
2019-11-12 14:47 ` Janosch Frank
2019-11-04 15:54 ` Cornelia Huck
2019-11-04 17:50 ` Christian Borntraeger
2019-11-05 9:26 ` Cornelia Huck
2019-11-08 12:14 ` Thomas Huth
2019-10-24 11:40 ` [RFC 03/37] s390/protvirt: add ultravisor initialization Janosch Frank
2019-10-25 9:21 ` David Hildenbrand
2019-10-28 15:48 ` Vasily Gorbik
2019-10-28 15:54 ` David Hildenbrand
2019-11-01 10:07 ` Christian Borntraeger
2019-11-07 15:28 ` Cornelia Huck
2019-11-07 15:32 ` Janosch Frank
2019-10-24 11:40 ` [RFC 04/37] KVM: s390: protvirt: Add initial lifecycle handling Janosch Frank
2019-10-25 8:58 ` David Hildenbrand
2019-10-25 9:02 ` David Hildenbrand
2019-11-04 8:18 ` Christian Borntraeger
2019-11-04 8:41 ` Janosch Frank
2019-11-07 16:29 ` Cornelia Huck
2019-11-08 7:36 ` Janosch Frank
2019-11-11 16:25 ` Cornelia Huck
2019-11-11 16:39 ` Janosch Frank
2019-11-11 16:54 ` Cornelia Huck
2019-11-13 10:05 ` Thomas Huth
2019-11-08 13:44 ` Thomas Huth
2019-11-13 10:28 ` Thomas Huth
2019-11-13 11:34 ` Janosch Frank
2019-11-13 14:03 ` [PATCH] Fix unpack Janosch Frank
2019-11-13 14:19 ` Thomas Huth
2019-11-13 14:36 ` Cornelia Huck
2019-11-13 11:48 ` [RFC 04/37] KVM: s390: protvirt: Add initial lifecycle handling Cornelia Huck
2019-10-24 11:40 ` [RFC 05/37] s390: KVM: Export PV handle to gmap Janosch Frank
2019-10-25 9:04 ` David Hildenbrand
2019-10-24 11:40 ` [RFC 06/37] s390: UV: Add import and export to UV library Janosch Frank
2019-10-25 8:31 ` David Hildenbrand
2019-10-25 8:39 ` Janosch Frank
2019-10-25 8:40 ` David Hildenbrand
2019-10-25 8:42 ` Janosch Frank
2019-11-01 11:26 ` Christian Borntraeger
2019-11-01 12:25 ` Janosch Frank
2019-11-01 12:39 ` Christian Borntraeger
2019-11-01 12:42 ` Christian Borntraeger
2019-11-11 16:40 ` Cornelia Huck
2019-11-11 16:56 ` Janosch Frank
2019-10-24 11:40 ` [RFC 07/37] KVM: s390: protvirt: Secure memory is not mergeable Janosch Frank
2019-10-24 16:07 ` David Hildenbrand
2019-10-24 16:33 ` Claudio Imbrenda
2019-10-24 16:49 ` David Hildenbrand
2019-10-25 7:18 ` Janosch Frank
2019-10-25 8:04 ` David Hildenbrand
2019-10-25 8:20 ` Janosch Frank
2019-10-25 7:46 ` David Hildenbrand
2019-10-25 8:24 ` [RFC v2] " Janosch Frank
2019-11-01 13:02 ` Christian Borntraeger
2019-11-04 14:32 ` David Hildenbrand
2019-11-04 14:36 ` Janosch Frank
2019-11-04 14:38 ` David Hildenbrand
2019-11-13 12:23 ` Thomas Huth
2019-11-13 15:54 ` Janosch Frank
2019-10-24 11:40 ` [RFC 08/37] KVM: s390: add missing include in gmap.h Janosch Frank
2019-10-25 8:24 ` David Hildenbrand
2019-11-13 12:27 ` Thomas Huth
2019-10-24 11:40 ` [RFC 09/37] KVM: s390: protvirt: Implement on-demand pinning Janosch Frank
2019-10-25 8:49 ` David Hildenbrand
2019-10-31 15:41 ` Christian Borntraeger
2019-10-31 17:30 ` David Hildenbrand
2019-10-31 20:57 ` Janosch Frank
2019-11-04 10:19 ` David Hildenbrand
2019-11-04 10:25 ` Janosch Frank
2019-11-04 10:27 ` David Hildenbrand
2019-11-04 13:58 ` Christian Borntraeger
2019-11-04 14:08 ` David Hildenbrand
2019-11-04 14:42 ` David Hildenbrand
2019-11-04 17:17 ` Cornelia Huck
2019-11-04 17:44 ` David Hildenbrand
2019-11-04 18:38 ` David Hildenbrand
2019-11-05 9:15 ` Cornelia Huck
2019-11-01 8:50 ` Claudio Imbrenda
2019-11-04 10:22 ` David Hildenbrand
2019-11-02 8:53 ` Christian Borntraeger
2019-11-04 14:17 ` David Hildenbrand
2019-10-24 11:40 ` [RFC 10/37] s390: add (non)secure page access exceptions handlers Janosch Frank
2019-10-24 11:40 ` [RFC 11/37] DOCUMENTATION: protvirt: Interrupt injection Janosch Frank
2019-11-14 13:09 ` Cornelia Huck
2019-11-14 13:25 ` Claudio Imbrenda
2019-11-14 13:47 ` Cornelia Huck
2019-11-14 16:33 ` Janosch Frank
2019-10-24 11:40 ` [RFC 12/37] KVM: s390: protvirt: Handle SE notification interceptions Janosch Frank
2019-10-30 15:50 ` David Hildenbrand
2019-10-30 17:58 ` Janosch Frank
2019-11-05 18:04 ` Cornelia Huck
2019-11-05 18:15 ` Christian Borntraeger
2019-11-05 18:37 ` Cornelia Huck
2019-10-24 11:40 ` [RFC 13/37] KVM: s390: protvirt: Add interruption injection controls Janosch Frank
2019-10-30 15:53 ` David Hildenbrand
2019-10-31 8:48 ` Michael Mueller
2019-10-31 9:15 ` David Hildenbrand
2019-10-31 12:10 ` Michael Mueller
2019-11-05 17:51 ` Cornelia Huck
2019-11-07 12:42 ` Michael Mueller
2019-11-14 11:48 ` Thomas Huth
2019-10-24 11:40 ` [RFC 14/37] KVM: s390: protvirt: Implement interruption injection Janosch Frank
2019-11-04 10:29 ` David Hildenbrand
2019-11-04 14:05 ` Christian Borntraeger
2019-11-04 14:23 ` David Hildenbrand
2019-11-14 12:07 ` Thomas Huth
2019-10-24 11:40 ` [RFC 15/37] KVM: s390: protvirt: Add machine-check interruption injection controls Janosch Frank
2019-11-13 14:49 ` Thomas Huth
2019-11-13 15:57 ` Michael Mueller
2019-10-24 11:40 ` [RFC 16/37] KVM: s390: protvirt: Implement machine-check interruption injection Janosch Frank
2019-11-05 18:11 ` Cornelia Huck
2019-10-24 11:40 ` [RFC 17/37] DOCUMENTATION: protvirt: Instruction emulation Janosch Frank
2019-11-14 15:15 ` Cornelia Huck
2019-11-14 15:20 ` Claudio Imbrenda
2019-11-14 15:41 ` Cornelia Huck
2019-11-14 15:55 ` Janosch Frank
2019-11-14 16:03 ` Cornelia Huck
2019-11-14 16:18 ` Janosch Frank
2019-10-24 11:40 ` [RFC 18/37] KVM: s390: protvirt: Handle spec exception loops Janosch Frank
2019-11-14 14:22 ` Thomas Huth
2019-10-24 11:40 ` [RFC 19/37] KVM: s390: protvirt: Add new gprs location handling Janosch Frank
2019-11-04 11:25 ` David Hildenbrand
2019-11-05 12:01 ` Christian Borntraeger
2019-11-05 12:39 ` Janosch Frank
2019-11-05 13:55 ` David Hildenbrand
2019-11-05 14:11 ` Janosch Frank
2019-11-05 14:18 ` David Hildenbrand
2019-11-14 14:46 ` Thomas Huth
2019-11-14 14:44 ` Thomas Huth
2019-11-14 15:56 ` Janosch Frank
2019-10-24 11:40 ` [RFC 20/37] KVM: S390: protvirt: Introduce instruction data area bounce buffer Janosch Frank
2019-11-14 15:36 ` Thomas Huth
2019-11-14 16:04 ` Janosch Frank
2019-11-14 16:21 ` [PATCH] Fixup sida bouncing Janosch Frank
2019-11-15 8:19 ` Thomas Huth
2019-11-15 8:50 ` Janosch Frank
2019-11-15 9:21 ` Thomas Huth
2019-10-24 11:40 ` [RFC 21/37] KVM: S390: protvirt: Instruction emulation Janosch Frank
2019-11-14 15:38 ` Cornelia Huck
2019-11-14 16:00 ` Janosch Frank
2019-11-14 16:05 ` Cornelia Huck
2019-10-24 11:40 ` [RFC 22/37] KVM: s390: protvirt: Add SCLP handling Janosch Frank
2019-10-24 11:40 ` [RFC 23/37] KVM: s390: protvirt: Make sure prefix is always protected Janosch Frank
2019-11-18 16:39 ` Cornelia Huck
2019-11-19 8:11 ` Janosch Frank
2019-11-19 9:45 ` Cornelia Huck
2019-11-19 10:08 ` Janosch Frank
2019-11-19 10:18 ` David Hildenbrand
2019-11-19 11:36 ` Janosch Frank
2019-10-24 11:40 ` [RFC 24/37] KVM: s390: protvirt: Write sthyi data to instruction data area Janosch Frank
2019-11-15 8:04 ` Thomas Huth
2019-11-15 10:16 ` Janosch Frank
2019-11-15 10:21 ` Thomas Huth
2019-11-15 12:17 ` [PATCH] SIDAD macro fixup Janosch Frank
2019-10-24 11:40 ` [RFC 25/37] KVM: s390: protvirt: STSI handling Janosch Frank
2019-11-15 8:27 ` Thomas Huth
2019-10-24 11:40 ` [RFC 26/37] KVM: s390: protvirt: Only sync fmt4 registers Janosch Frank
2019-11-15 9:02 ` Thomas Huth
2019-11-15 10:01 ` Janosch Frank
2019-10-24 11:40 ` [RFC 27/37] KVM: s390: protvirt: SIGP handling Janosch Frank
2019-10-30 18:29 ` David Hildenbrand
2019-11-15 11:15 ` Thomas Huth
2019-10-24 11:40 ` [RFC 28/37] KVM: s390: protvirt: Add program exception injection Janosch Frank
2019-10-24 11:40 ` [RFC 29/37] KVM: s390: protvirt: Sync pv state Janosch Frank
2019-11-15 9:36 ` Thomas Huth
2019-11-15 9:59 ` Janosch Frank
2019-10-24 11:40 ` [RFC 30/37] DOCUMENTATION: protvirt: Diag 308 IPL Janosch Frank
2019-11-06 16:48 ` Cornelia Huck
2019-11-06 17:05 ` Janosch Frank
2019-11-06 17:37 ` Cornelia Huck
2019-11-06 21:02 ` Janosch Frank
2019-11-07 8:53 ` Cornelia Huck
2019-11-07 8:59 ` Janosch Frank [this message]
2019-10-24 11:40 ` [RFC 31/37] KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling Janosch Frank
2019-11-15 10:04 ` Thomas Huth
2019-11-15 10:20 ` Janosch Frank
2019-11-15 10:27 ` Thomas Huth
2019-11-15 11:29 ` Janosch Frank
2019-10-24 11:40 ` [RFC 32/37] KVM: s390: protvirt: UV calls diag308 0, 1 Janosch Frank
2019-11-15 10:07 ` Thomas Huth
2019-11-15 11:39 ` Janosch Frank
2019-11-15 13:30 ` Thomas Huth
2019-11-15 14:08 ` Janosch Frank
2019-10-24 11:40 ` [RFC 33/37] KVM: s390: Introduce VCPU reset IOCTL Janosch Frank
2019-11-15 10:47 ` Thomas Huth
2019-11-15 13:06 ` Janosch Frank
2019-11-15 13:18 ` Thomas Huth
2019-10-24 11:40 ` [RFC 34/37] KVM: s390: protvirt: Report CPU state to Ultravisor Janosch Frank
2019-10-24 11:40 ` [RFC 35/37] KVM: s390: Fix cpu reset local IRQ clearing Janosch Frank
2019-11-15 11:23 ` Thomas Huth
2019-11-15 11:37 ` Janosch Frank
2019-10-24 11:40 ` [RFC 36/37] KVM: s390: protvirt: Support cmd 5 operation state Janosch Frank
2019-11-15 11:25 ` Thomas Huth
2019-11-18 17:38 ` Cornelia Huck
2019-11-19 8:13 ` Janosch Frank
2019-11-19 10:23 ` Cornelia Huck
2019-11-19 11:40 ` Janosch Frank
2019-10-24 11:40 ` [RFC 37/37] KVM: s390: protvirt: Add UV debug trace Janosch Frank
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=be94339f-90cf-3ce9-aaec-f6031dc11aeb@linux.ibm.com \
--to=frankja@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=gor@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mihajlov@linux.ibm.com \
--cc=mimu@linux.ibm.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.