On 03.02.20 14:19, Christian Borntraeger wrote: > Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state > like guest memory and guest registers anymore. Instead the PVMs are > mostly managed by a new entity called Ultravisor (UV), which provides > an API, so KVM and the PV can request management actions. > > PVMs are encrypted at rest and protected from hypervisor access while > running. They switch from a normal operation into protected mode, so > we can still use the standard boot process to load a encrypted blob > and then move it into protected mode. > > Rebooting is only possible by passing through the unprotected/normal > mode and switching to protected again. > > All patches are in the protvirtv2 branch of the korg s390 kvm git > (on top of Janoschs reset rework). > > Claudio presented the technology at his presentation at KVM Forum > 2019. > > This contains a "pretty small" common code memory management change that > will allow paging, guest backing with files etc almost just like normal > VMs. Please note that the memory management part will still see some > changes to deal with a corner case for the adapter interrupt indicator > pages. So please focus on the non-mm parts (which hopefully has > everthing addressed in the next version). Claudio will work with Andrea > regarding this. > > Christian Borntraeger (3): > KVM: s390/mm: Make pages accessible before destroying the guest > KVM: s390: protvirt: Add SCLP interrupt handling > KVM: s390: protvirt: do not inject interrupts after start > > Claudio Imbrenda (3): > mm:gup/writeback: add callbacks for inaccessible pages > s390/mm: provide memory management functions for protected KVM guests > KVM: s390/mm: handle guest unpin events > > Janosch Frank (24): > DOCUMENTATION: protvirt: Protected virtual machine introduction > KVM: s390: add new variants of UV CALL > KVM: s390: protvirt: Add initial lifecycle handling > KVM: s390: protvirt: Add KVM api documentation > KVM: s390: protvirt: Secure memory is not mergeable > KVM: s390: protvirt: Handle SE notification interceptions > KVM: s390: protvirt: Instruction emulation > KVM: s390: protvirt: Handle spec exception loops > KVM: s390: protvirt: Add new gprs location handling > KVM: S390: protvirt: Introduce instruction data area bounce buffer > KVM: s390: protvirt: handle secure guest prefix pages > KVM: s390: protvirt: Write sthyi data to instruction data area > KVM: s390: protvirt: STSI handling > KVM: s390: protvirt: disallow one_reg > KVM: s390: protvirt: Only sync fmt4 registers > KVM: s390: protvirt: Add program exception injection > DOCUMENTATION: protvirt: Diag 308 IPL > KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling > KVM: s390: protvirt: UV calls diag308 0, 1 > KVM: s390: protvirt: Report CPU state to Ultravisor > KVM: s390: protvirt: Support cmd 5 operation state > KVM: s390: protvirt: Add UV debug trace > KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and > 112 > KVM: s390: protvirt: Add UV cpu reset calls > > Michael Mueller (4): > KVM: s390: protvirt: Add interruption injection controls > KVM: s390: protvirt: Implement interruption injection > KVM: s390: protvirt: Add machine-check interruption injection controls > KVM: s390: protvirt: Implement machine-check interruption injection > > Vasily Gorbik (3): > s390/protvirt: introduce host side setup > s390/protvirt: add ultravisor initialization > s390: add (non)secure page access exceptions handlers > > .../admin-guide/kernel-parameters.txt | 5 + > Documentation/virt/kvm/api.txt | 62 +++ > Documentation/virt/kvm/s390-pv-boot.rst | 64 +++ > Documentation/virt/kvm/s390-pv.rst | 103 ++++ > MAINTAINERS | 1 + > arch/s390/boot/Makefile | 2 +- > arch/s390/boot/uv.c | 20 +- > arch/s390/include/asm/gmap.h | 3 + > arch/s390/include/asm/kvm_host.h | 112 +++- > arch/s390/include/asm/mmu.h | 2 + > arch/s390/include/asm/mmu_context.h | 1 + > arch/s390/include/asm/page.h | 5 + > arch/s390/include/asm/pgtable.h | 35 +- > arch/s390/include/asm/uv.h | 265 +++++++++- > arch/s390/kernel/Makefile | 1 + > arch/s390/kernel/pgm_check.S | 4 +- > arch/s390/kernel/setup.c | 7 +- > arch/s390/kernel/uv.c | 271 ++++++++++ > arch/s390/kvm/Kconfig | 19 + > arch/s390/kvm/Makefile | 2 +- > arch/s390/kvm/diag.c | 7 + > arch/s390/kvm/intercept.c | 107 +++- > arch/s390/kvm/interrupt.c | 211 ++++++-- > arch/s390/kvm/kvm-s390.c | 486 ++++++++++++++++-- > arch/s390/kvm/kvm-s390.h | 56 ++ > arch/s390/kvm/priv.c | 9 +- > arch/s390/kvm/pv.c | 293 +++++++++++ > arch/s390/mm/fault.c | 87 ++++ > arch/s390/mm/gmap.c | 63 ++- > include/linux/gfp.h | 6 + > include/uapi/linux/kvm.h | 47 +- > mm/gup.c | 2 + > mm/page-writeback.c | 1 + > 33 files changed, 2217 insertions(+), 142 deletions(-) > create mode 100644 Documentation/virt/kvm/s390-pv-boot.rst > create mode 100644 Documentation/virt/kvm/s390-pv.rst > create mode 100644 arch/s390/kernel/uv.c > create mode 100644 arch/s390/kvm/pv.c > Due to the huge amount of review feedback (which makestime-consuming to review if one doesn't want to comment the same thing again), I suggest sending a new RFC rather soon-ish (e.g., on a weekly basis) - if nobody objects. Would at least make my life easier :) -- Thanks, David / dhildenb
