On Thu, 24 Oct 2019 07:40:24 -0400 Janosch Frank <frankja@xxxxxxxxxxxxx> wrote: > From: Vasily Gorbik <gor@xxxxxxxxxxxxx> > > Introduce KVM_S390_PROTECTED_VIRTUALIZATION_HOST kbuild option for > protected virtual machines hosting support code. > > Add "prot_virt" command line option which controls if the kernel > protected VMs support is enabled at runtime. > > Extend ultravisor info definitions and expose it via uv_info struct > filled in during startup. > > Signed-off-by: Vasily Gorbik <gor@xxxxxxxxxxxxx> > --- > .../admin-guide/kernel-parameters.txt | 5 ++ > arch/s390/boot/Makefile | 2 +- > arch/s390/boot/uv.c | 20 +++++++- > arch/s390/include/asm/uv.h | 46 ++++++++++++++++-- > arch/s390/kernel/Makefile | 1 + > arch/s390/kernel/setup.c | 4 -- > arch/s390/kernel/uv.c | 48 +++++++++++++++++++ > arch/s390/kvm/Kconfig | 9 ++++ > 8 files changed, 126 insertions(+), 9 deletions(-) > create mode 100644 arch/s390/kernel/uv.c (...) > diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig > index d3db3d7ed077..652b36f0efca 100644 > --- a/arch/s390/kvm/Kconfig > +++ b/arch/s390/kvm/Kconfig > @@ -55,6 +55,15 @@ config KVM_S390_UCONTROL > > If unsure, say N. > > +config KVM_S390_PROTECTED_VIRTUALIZATION_HOST > + bool "Protected guests execution support" > + depends on KVM > + ---help--- > + Support hosting protected virtual machines isolated from the > + hypervisor. I'm currently in the process of glancing across this patch set (won't be able to get around to properly looking at it until next week the earliest), so just a very high level comment: I think there's not enough information in here to allow someone configuring the kernel to decide what this is and if it would be useful to them. This should probably be at least point to some document giving some more details. Also, can you add a sentence where this feature is actually expected to be available? > + > + If unsure, say Y. Is 'Y' really the safe choice here? AFAICS, this is introducing new code and not only trying to call new interfaces, if available. Is there any drawback to enabling this on a kernel that won't run on a platform supporting this feature? Is this supposed to be a common setup? > + > # OK, it's a little counter-intuitive to do this, but it puts it neatly under > # the virtualization menu. > source "drivers/vhost/Kconfig"
