On Thu, 24 Oct 2019 07:40:25 -0400
Janosch Frank <frankja@xxxxxxxxxxxxx> wrote:
> From: Vasily Gorbik <gor@xxxxxxxxxxxxx>
>
> Before being able to host protected virtual machines, donate some of
> the memory to the ultravisor. Besides that the ultravisor might impose
> addressing limitations for memory used to back protected VM storage. Treat
> that limit as protected virtualization host's virtual memory limit.
>
> Signed-off-by: Vasily Gorbik <gor@xxxxxxxxxxxxx>
> ---
> arch/s390/include/asm/uv.h | 16 ++++++++++++
> arch/s390/kernel/setup.c | 3 +++
> arch/s390/kernel/uv.c | 53 ++++++++++++++++++++++++++++++++++++++
> 3 files changed, 72 insertions(+)
(...)
> diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
> index 35ce89695509..f7778493e829 100644
> --- a/arch/s390/kernel/uv.c
> +++ b/arch/s390/kernel/uv.c
> @@ -45,4 +45,57 @@ static int __init prot_virt_setup(char *val)
> return rc;
> }
> early_param("prot_virt", prot_virt_setup);
> +
> +static int __init uv_init(unsigned long stor_base, unsigned long stor_len)
> +{
> + struct uv_cb_init uvcb = {
> + .header.cmd = UVC_CMD_INIT_UV,
> + .header.len = sizeof(uvcb),
> + .stor_origin = stor_base,
> + .stor_len = stor_len,
> + };
> + int cc;
> +
> + cc = uv_call(0, (uint64_t)&uvcb);
> + if (cc || uvcb.header.rc != UVC_RC_EXECUTED) {
> + pr_err("Ultravisor init failed with cc: %d rc: 0x%hx\n", cc,
> + uvcb.header.rc);
> + return -1;
Is there any reasonable case where that call might fail if we have the
facility installed? Bad stor_base, maybe?
> + }
> + return 0;
> +}
> +
> +void __init setup_uv(void)
> +{
> + unsigned long uv_stor_base;
> +
> + if (!prot_virt_host)
> + return;
> +
> + uv_stor_base = (unsigned long)memblock_alloc_try_nid(
> + uv_info.uv_base_stor_len, SZ_1M, SZ_2G,
> + MEMBLOCK_ALLOC_ACCESSIBLE, NUMA_NO_NODE);
> + if (!uv_stor_base) {
> + pr_info("Failed to reserve %lu bytes for ultravisor base storage\n",
> + uv_info.uv_base_stor_len);
> + goto fail;
> + }
> +
> + if (uv_init(uv_stor_base, uv_info.uv_base_stor_len)) {
> + memblock_free(uv_stor_base, uv_info.uv_base_stor_len);
> + goto fail;
> + }
> +
> + pr_info("Reserving %luMB as ultravisor base storage\n",
> + uv_info.uv_base_stor_len >> 20);
> + return;
> +fail:
> + prot_virt_host = 0;
So, what happens if the user requested protected virtualization and any
of the above failed? We turn off host support, so any attempt to start
a protected virtualization guest on that host will fail (hopefully with
a meaningful error), I guess.
Is there any use case where we'd want to make failure to set this up
fatal?
> +}
> +
> +void adjust_to_uv_max(unsigned long *vmax)
> +{
> + if (prot_virt_host && *vmax > uv_info.max_sec_stor_addr)
> + *vmax = uv_info.max_sec_stor_addr;
> +}
> #endif
