Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state
like guest memory and guest registers anymore. Instead the PVMs are
mostly managed by a new entity called Ultravisor (UV), which provides
an API, so KVM and the PV can request management actions.

PVMs are encrypted at rest and protected from hypervisor access while
running. They switch from a normal operation into protected mode, so
we can still use the standard boot process to load an encrypted blob
and then move it into protected mode.

Rebooting is only possible by passing through the unprotected/normal
mode and switching to protected again.

All patches are in the protvirt branch of the korg s390 kvm git.

Claudio will present the technology at his presentation at KVM Forum
2019.

Christian Borntraeger (1):
  KVM: s390: protvirt: Add SCLP handling

Claudio Imbrenda (2):
  KVM: s390: add missing include in gmap.h
  KVM: s390: protvirt: Implement on-demand pinning

Janosch Frank (27):
  DOCUMENTATION: protvirt: Protected virtual machine introduction
  KVM: s390: protvirt: Add initial lifecycle handling
  s390: KVM: Export PV handle to gmap
  s390: UV: Add import and export to UV library
  KVM: s390: protvirt: Secure memory is not mergeable
  DOCUMENTATION: protvirt: Interrupt injection
  KVM: s390: protvirt: Handle SE notification interceptions
  DOCUMENTATION: protvirt: Instruction emulation
  KVM: s390: protvirt: Handle spec exception loops
  KVM: s390: protvirt: Add new gprs location handling
  KVM: S390: protvirt: Introduce instruction data area bounce buffer
  KVM: S390: protvirt: Instruction emulation
  KVM: s390: protvirt: Make sure prefix is always protected
  KVM: s390: protvirt: Write sthyi data to instruction data area
  KVM: s390: protvirt: STSI handling
  KVM: s390: protvirt: Only sync fmt4 registers
  KVM: s390: protvirt: SIGP handling
  KVM: s390: protvirt: Add program exception injection
  KVM: s390: protvirt: Sync pv state
  DOCUMENTATION: protvirt: Diag 308 IPL
  KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling
  KVM: s390: protvirt: UV calls diag308 0, 1
  KVM: s390: Introduce VCPU reset IOCTL
  KVM: s390: protvirt: Report CPU state to Ultravisor
  KVM: s390: Fix cpu reset local IRQ clearing
  KVM: s390: protvirt: Support cmd 5 operation state
  KVM: s390: protvirt: Add UV debug trace

Michael Mueller (4):
  KVM: s390: protvirt: Add interruption injection controls
  KVM: s390: protvirt: Implement interruption injection
  KVM: s390: protvirt: Add machine-check interruption injection controls
  KVM: s390: protvirt: Implement machine-check interruption injection

Vasily Gorbik (3):
  s390/protvirt: introduce host side setup
  s390/protvirt: add ultravisor initialization
  s390: add (non)secure page access exceptions handlers

 .../admin-guide/kernel-parameters.txt      |   5 +
 Documentation/virtual/kvm/s390-pv-boot.txt |  62 +++
 Documentation/virtual/kvm/s390-pv.txt      |  97 ++++
 arch/s390/boot/Makefile                    |   2 +-
 arch/s390/boot/uv.c                        |  20 +-
 arch/s390/include/asm/gmap.h               |   4 +
 arch/s390/include/asm/kvm_host.h           | 103 +++-
 arch/s390/include/asm/uv.h                 | 255 +++++++++-
 arch/s390/include/uapi/asm/kvm.h           |   5 +-
 arch/s390/kernel/Makefile                  |   1 +
 arch/s390/kernel/pgm_check.S               |   4 +-
 arch/s390/kernel/setup.c                   |   7 +-
 arch/s390/kernel/uv.c                      | 121 +++++
 arch/s390/kvm/Kconfig                      |   9 +
 arch/s390/kvm/Makefile                     |   2 +-
 arch/s390/kvm/diag.c                       |   7 +
 arch/s390/kvm/intercept.c                  |  91 +++-
 arch/s390/kvm/interrupt.c                  | 208 ++++++--
 arch/s390/kvm/kvm-s390.c                   | 476 +++++++++++++++---
 arch/s390/kvm/kvm-s390.h                   |  58 +++
 arch/s390/kvm/priv.c                       |   9 +-
 arch/s390/kvm/pv.c                         | 317 ++++++++++++
 arch/s390/mm/fault.c                       |  64 +++
 arch/s390/mm/gmap.c                        |  28 +-
 include/uapi/linux/kvm.h                   |  42 ++
 25 files changed, 1848 insertions(+), 149 deletions(-)
 create mode 100644 Documentation/virtual/kvm/s390-pv-boot.txt
 create mode 100644 Documentation/virtual/kvm/s390-pv.txt
 create mode 100644 arch/s390/kernel/uv.c
 create mode 100644 arch/s390/kvm/pv.c

-- 
2.20.1