POWER platforms that support the Protected Execution Facility (PEF)
introduce features that combine hardware facilities and firmware to
enable secure virtual machines. That includes a new processor mode
(ultravisor mode) and the ultravisor firmware.

In PEF-enabled systems, the ultravisor firmware runs at a privilege
level above the hypervisor and also takes control over some system
resources. The hypervisor, though, can make system calls to access these
resources. Such system calls, a.k.a. ucalls, are handled by the
ultravisor firmware.

The processor allows part of the system memory to be configured as
secure memory, and introduces a new mode, called secure mode, where
any software entity in that mode can access secure memory. The
hypervisor doesn't (and can't) run in secure mode, but a secure guest
and the ultravisor firmware do.

This patch set adds support for ultravisor calls and does some
preparation for running secure guests.

---
Changelog:
---
v3->v4:

- Patch "KVM: PPC: Ultravisor: Add PPC_UV config option":
  - Moved to the patchset "kvmppc: HMM driver to manage pages of secure
    guest" v5 that will be posted by Bharata Rao.
- Patch "powerpc: Introduce FW_FEATURE_ULTRAVISOR":
  - Changed to depend only on CONFIG_PPC_POWERNV.
- Patch "KVM: PPC: Ultravisor: Add generic ultravisor call handler":
  - Fixed whitespaces in ucall.S and in ultravisor-api.h.
  - Changed to depend only on CONFIG_PPC_POWERNV.
  - Changed the ucall wrapper to pass the ucall number in R3.
- Patch "KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE":
  - Changed to depend only on CONFIG_PPC_POWERNV.
- Patch "KVM: PPC: Ultravisor: Restrict LDBAR access":
  - Fixed comment in opal-imc.c to be "Disable IMC devices, when
    Ultravisor is enabled."
  - Fixed signed-off-by.
- Patch "KVM: PPC: Ultravisor: Enter a secure guest":
  - Changed the UV_RETURN assembly call to save the actual R3 in R0 for
    the ultravisor and pass the UV_RETURN call number in R3.
- Patch "KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr":
  - Fixed commit message.
- Rebased to powerpc/next.

v2->v3:

- Squashed patches:
  - "KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
  - "KVM: PPC: Book3S HV: Fixed for running secure guests"
- Renamed patch from/to:
  - "KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
  - "KVM: PPC: Ultravisor: Enter a secure guest"
- Rebased
- Addressed comments from Paul Mackerras
  - Dropped ultravisor checks made in power8 code
  - Updated the commit message for:
    "KVM: PPC: Ultravisor: Enter a secure guest"
- Addressed comments from Maddy
  - Dropped imc-pmu.c changes
- Changed opal-imc.c to fail the probe when the ultravisor is enabled
- Fixed "ucall defined but not used" issue when CONFIG_PPC_UV not set

v1->v2:

- Addressed comments from Paul Mackerras:
  - Write the pate in HV's table before doing that in UV's
  - Renamed and better documented the ultravisor header files. Also added
    all possible return codes for each ucall
  - Updated the commit message that introduces the MSR_S bit
  - Moved ultravisor.c and ucall.S to arch/powerpc/kernel
  - Changed ucall.S to not save CR
- Rebased
- Changed the patches order
- Updated several commit messages
- Added FW_FEATURE_ULTRAVISOR to enable use of firmware_has_feature()
- Renamed CONFIG_PPC_KVM_UV to CONFIG_PPC_UV and used it to ifdef the ucall
  handler and the code that populates the powerpc_firmware_features for
  ultravisor
- Exported the ucall symbol. KVM may be built as module.
- Restricted LDBAR access if the ultravisor firmware is available
- Dropped patches:
  - "[PATCH 06/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_WRITE ucall"
  - "[PATCH 07/13] KVM: PPC: Ultravisor: UV_RESTRICTED_SPR_READ ucall"
  - "[PATCH 08/13] KVM: PPC: Ultravisor: fix mtspr and mfspr"
- Squashed patches:
  - "[PATCH 09/13] KVM: PPC: Ultravisor: Return to UV for hcalls from SVM"
  - "[PATCH 13/13] KVM: PPC: UV: Have fast_guest_return check secure_guest"

Claudio Carvalho (2):
  powerpc: Introduce FW_FEATURE_ULTRAVISOR
  KVM: PPC: Ultravisor: Restrict LDBAR access

Michael Anderson (2):
  KVM: PPC: Ultravisor: Use UV_WRITE_PATE ucall to register a PATE
  KVM: PPC: Ultravisor: Check for MSR_S during hv_reset_msr

Ram Pai (2):
  KVM: PPC: Ultravisor: Add generic ultravisor call handler
  KVM: PPC: Ultravisor: Restrict flush of the partition tlb cache

Sukadev Bhattiprolu (2):
  KVM: PPC: Ultravisor: Introduce the MSR_S bit
  KVM: PPC: Ultravisor: Enter a secure guest

 arch/powerpc/include/asm/firmware.h       |  5 +-
 arch/powerpc/include/asm/kvm_host.h       |  1 +
 arch/powerpc/include/asm/reg.h            |  3 ++
 arch/powerpc/include/asm/ultravisor-api.h | 24 +++++++++
 arch/powerpc/include/asm/ultravisor.h     | 49 +++++++++++++++++
 arch/powerpc/kernel/Makefile              |  1 +
 arch/powerpc/kernel/asm-offsets.c         |  1 +
 arch/powerpc/kernel/prom.c                |  4 ++
 arch/powerpc/kernel/ucall.S               | 30 +++++++++++
 arch/powerpc/kernel/ultravisor.c          | 28 ++++++++++
 arch/powerpc/kvm/book3s_64_mmu_hv.c       |  1 +
 arch/powerpc/kvm/book3s_hv_rmhandlers.S   | 42 ++++++++++++---
 arch/powerpc/mm/book3s64/hash_utils.c     |  3 +-
 arch/powerpc/mm/book3s64/pgtable.c        | 65 +++++++++++++++++------
 arch/powerpc/mm/book3s64/radix_pgtable.c  |  9 ++--
 arch/powerpc/platforms/powernv/idle.c     |  6 ++-
 arch/powerpc/platforms/powernv/opal-imc.c |  4 ++
 17 files changed, 246 insertions(+), 30 deletions(-)
 create mode 100644 arch/powerpc/include/asm/ultravisor-api.h
 create mode 100644 arch/powerpc/include/asm/ultravisor.h
 create mode 100644 arch/powerpc/kernel/ucall.S
 create mode 100644 arch/powerpc/kernel/ultravisor.c

--
2.20.1