On Mon, Nov 04, 2019 at 09:47:54AM +0530, Bharata B Rao wrote:
> A pseries guest can be run as secure guest on Ultravisor-enabled
> POWER platforms. On such platforms, this driver will be used to manage
> the movement of guest pages between the normal memory managed by
> hypervisor (HV) and secure memory managed by Ultravisor (UV).
>
> HV is informed about the guest's transition to secure mode via hcalls:
>
> H_SVM_INIT_START: Initiate securing a VM
> H_SVM_INIT_DONE: Conclude securing a VM
>
> As part of H_SVM_INIT_START, register all existing memslots with
> the UV. H_SVM_INIT_DONE call by UV informs HV that transition of
> the guest to secure mode is complete.
>
> These two states (transition to secure mode STARTED and transition
> to secure mode COMPLETED) are recorded in kvm->arch.secure_guest.
> Setting these states will cause the assembly code that enters the
> guest to call the UV_RETURN ucall instead of trying to enter the
> guest directly.
>
> Migration of pages between normal and secure memory of secure
> guest is implemented in H_SVM_PAGE_IN and H_SVM_PAGE_OUT hcalls.
>
> H_SVM_PAGE_IN: Move the content of a normal page to secure page
> H_SVM_PAGE_OUT: Move the content of a secure page to normal page
>
> Private ZONE_DEVICE memory equal to the amount of secure memory
> available in the platform for running secure guests is created.
> Whenever a page belonging to the guest becomes secure, a page from
> this private device memory is used to represent and track that secure
> page on the HV side. The movement of pages between normal and secure
> memory is done via migrate_vma_pages() using UV_PAGE_IN and
> UV_PAGE_OUT ucalls.
>
> Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxxxxx>

Reviewed-by: Paul Mackerras <paulus@xxxxxxxxxx>