Re: [RFC 01/37] DOCUMENTATION: protvirt: Protected virtual machine introduction

On 24.10.19 13:40, Janosch Frank wrote:
> Introduction to Protected VMs.
> 
> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
> ---
>  Documentation/virtual/kvm/s390-pv.txt | 23 +++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
>  create mode 100644 Documentation/virtual/kvm/s390-pv.txt
> 
> diff --git a/Documentation/virtual/kvm/s390-pv.txt b/Documentation/virtual/kvm/s390-pv.txt
> new file mode 100644
> index 000000000000..86ed95f36759
> --- /dev/null
> +++ b/Documentation/virtual/kvm/s390-pv.txt
> @@ -0,0 +1,23 @@
> +Ultravisor and Protected VMs
> +===========================
> +
> +Summary:
> +
> +Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state
> +like guest memory and guest registers anymore. Instead the PVMs are
> +mostly managed by a new entity called Ultravisor (UV), which provides
> +an API, so KVM and the PVM can request management actions.
> +
> +Each guest starts in the non-protected mode and then transitions into
> +protected mode. On transition KVM registers the guest and its VCPUs
> +with the Ultravisor and prepares everything for running it.
> +
> +The Ultravisor will secure and decrypt the guest's boot memory
> +(i.e. kernel/initrd). It will safeguard state changes like VCPU
> +starts/stops and injected interrupts while the guest is running.
> +
> +As access to the guest's state, like the SIE state description is
                     not a native speaker, but do we need a , /here\ ?
> +normally needed to be able to run a VM, some changes have been made in

> +SIE behavior and fields have different meaning for a PVM. SIE exits
> +are minimized as much as possible to improve speed and reduce exposed
> +guest state.
> 
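Review bot: the last paragraph ("As access to the guest's state, like the SIE state description is normally needed ...") says SIE behavior changed and that fields have a different meaning for a PVM, but it names none of them. List the affected state description fields and exit changes, or point to the file in this series that documents them, and close the "like the SIE state description" aside with a comma after "description". In the third paragraph, "secure and decrypt the guest's boot memory" does not say how the image was encrypted or who holds the key, which is what a reader assessing the trust boundary between KVM and the Ultravisor needs; one sentence on that would help. SIE is also used without being expanded on first use.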

Acked-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>

After review we could merge all documentation patches into one, if we want.



