From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B83D1C33CAC for ; Mon, 3 Feb 2020 13:20:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 89E952084E for ; Mon, 3 Feb 2020 13:20:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727756AbgBCNUD (ORCPT ); Mon, 3 Feb 2020 08:20:03 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:24848 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726913AbgBCNUC (ORCPT ); Mon, 3 Feb 2020 08:20:02 -0500 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 013DFUNa059470 for ; Mon, 3 Feb 2020 08:20:01 -0500 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 2xxbx5ykag-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 03 Feb 2020 08:20:01 -0500 Received: from m0098404.ppops.net (m0098404.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 013DFm2S060616 for ; Mon, 3 Feb 2020 08:20:01 -0500 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 2xxbx5yka0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 03 Feb 2020 08:20:01 -0500 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 013DFSGN028727; Mon, 3 Feb 2020 13:20:00 GMT Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by ppma02dal.us.ibm.com with ESMTP id 2xw0y6da44-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 03 Feb 2020 13:20:00 +0000 Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 013DJwkv46072098 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 3 Feb 2020 13:19:58 GMT Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 4AE612806E; Mon, 3 Feb 2020 13:19:58 +0000 (GMT) Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 3C0C92805C; Mon, 3 Feb 2020 13:19:58 +0000 (GMT) Received: from localhost.localdomain (unknown [9.114.17.106]) by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP; Mon, 3 Feb 2020 13:19:58 +0000 (GMT) From: Christian Borntraeger To: Christian Borntraeger , Janosch Frank Cc: KVM , Cornelia Huck , David Hildenbrand , Thomas Huth , Ulrich Weigand , Claudio Imbrenda , Andrea Arcangeli Subject: [RFCv2 00/37] KVM: s390: Add support for protected VMs Date: Mon, 3 Feb 2020 08:19:20 -0500 Message-Id: <20200203131957.383915-1-borntraeger@de.ibm.com> X-Mailer: git-send-email 2.24.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.572 definitions=2020-02-03_04:2020-02-02,2020-02-03 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 priorityscore=1501 adultscore=0 bulkscore=0 phishscore=0 clxscore=1015 impostorscore=0 lowpriorityscore=0 spamscore=0 malwarescore=0 suspectscore=0 mlxlogscore=661 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1911200001 definitions=main-2002030099 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state like guest memory and guest registers anymore. Instead the PVMs are mostly managed by a new entity called Ultravisor (UV), which provides an API, so KVM and the PV can request management actions. PVMs are encrypted at rest and protected from hypervisor access while running. They switch from a normal operation into protected mode, so we can still use the standard boot process to load a encrypted blob and then move it into protected mode. Rebooting is only possible by passing through the unprotected/normal mode and switching to protected again. All patches are in the protvirtv2 branch of the korg s390 kvm git (on top of Janoschs reset rework). Claudio presented the technology at his presentation at KVM Forum 2019. This contains a "pretty small" common code memory management change that will allow paging, guest backing with files etc almost just like normal VMs. Please note that the memory management part will still see some changes to deal with a corner case for the adapter interrupt indicator pages. So please focus on the non-mm parts (which hopefully has everthing addressed in the next version). Claudio will work with Andrea regarding this. Christian Borntraeger (3): KVM: s390/mm: Make pages accessible before destroying the guest KVM: s390: protvirt: Add SCLP interrupt handling KVM: s390: protvirt: do not inject interrupts after start Claudio Imbrenda (3): mm:gup/writeback: add callbacks for inaccessible pages s390/mm: provide memory management functions for protected KVM guests KVM: s390/mm: handle guest unpin events Janosch Frank (24): DOCUMENTATION: protvirt: Protected virtual machine introduction KVM: s390: add new variants of UV CALL KVM: s390: protvirt: Add initial lifecycle handling KVM: s390: protvirt: Add KVM api documentation KVM: s390: protvirt: Secure memory is not mergeable KVM: s390: protvirt: Handle SE notification interceptions KVM: s390: protvirt: Instruction emulation KVM: s390: protvirt: Handle spec exception loops KVM: s390: protvirt: Add new gprs location handling KVM: S390: protvirt: Introduce instruction data area bounce buffer KVM: s390: protvirt: handle secure guest prefix pages KVM: s390: protvirt: Write sthyi data to instruction data area KVM: s390: protvirt: STSI handling KVM: s390: protvirt: disallow one_reg KVM: s390: protvirt: Only sync fmt4 registers KVM: s390: protvirt: Add program exception injection DOCUMENTATION: protvirt: Diag 308 IPL KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling KVM: s390: protvirt: UV calls diag308 0, 1 KVM: s390: protvirt: Report CPU state to Ultravisor KVM: s390: protvirt: Support cmd 5 operation state KVM: s390: protvirt: Add UV debug trace KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and 112 KVM: s390: protvirt: Add UV cpu reset calls Michael Mueller (4): KVM: s390: protvirt: Add interruption injection controls KVM: s390: protvirt: Implement interruption injection KVM: s390: protvirt: Add machine-check interruption injection controls KVM: s390: protvirt: Implement machine-check interruption injection Vasily Gorbik (3): s390/protvirt: introduce host side setup s390/protvirt: add ultravisor initialization s390: add (non)secure page access exceptions handlers .../admin-guide/kernel-parameters.txt | 5 + Documentation/virt/kvm/api.txt | 62 +++ Documentation/virt/kvm/s390-pv-boot.rst | 64 +++ Documentation/virt/kvm/s390-pv.rst | 103 ++++ MAINTAINERS | 1 + arch/s390/boot/Makefile | 2 +- arch/s390/boot/uv.c | 20 +- arch/s390/include/asm/gmap.h | 3 + arch/s390/include/asm/kvm_host.h | 112 +++- arch/s390/include/asm/mmu.h | 2 + arch/s390/include/asm/mmu_context.h | 1 + arch/s390/include/asm/page.h | 5 + arch/s390/include/asm/pgtable.h | 35 +- arch/s390/include/asm/uv.h | 265 +++++++++- arch/s390/kernel/Makefile | 1 + arch/s390/kernel/pgm_check.S | 4 +- arch/s390/kernel/setup.c | 7 +- arch/s390/kernel/uv.c | 271 ++++++++++ arch/s390/kvm/Kconfig | 19 + arch/s390/kvm/Makefile | 2 +- arch/s390/kvm/diag.c | 7 + arch/s390/kvm/intercept.c | 107 +++- arch/s390/kvm/interrupt.c | 211 ++++++-- arch/s390/kvm/kvm-s390.c | 486 ++++++++++++++++-- arch/s390/kvm/kvm-s390.h | 56 ++ arch/s390/kvm/priv.c | 9 +- arch/s390/kvm/pv.c | 293 +++++++++++ arch/s390/mm/fault.c | 87 ++++ arch/s390/mm/gmap.c | 63 ++- include/linux/gfp.h | 6 + include/uapi/linux/kvm.h | 47 +- mm/gup.c | 2 + mm/page-writeback.c | 1 + 33 files changed, 2217 insertions(+), 142 deletions(-) create mode 100644 Documentation/virt/kvm/s390-pv-boot.rst create mode 100644 Documentation/virt/kvm/s390-pv.rst create mode 100644 arch/s390/kernel/uv.c create mode 100644 arch/s390/kvm/pv.c -- 2.24.0