On 14.02.20 23:26, Christian Borntraeger wrote:
> From: Janosch Frank <frankja@xxxxxxxxxxxxx>
>
> If the host initialized the Ultravisor, we can set stfle bit 161
> (protected virtual IPL enhancements facility), which indicates that
> the IPL subcodes 8, 9, and 10 are valid. These subcodes are used by a
> normal guest to set/retrieve an IPL information block of type 5 (for
> protected virtual machines) and transition into protected mode.
>
> Once in protected mode, the Ultravisor will conceal the facility bit.
> Therefore each boot into protected mode has to go through
> non-protected mode. There is no secure re-ipl with subcode 10 without
> a previous subcode 3.
>
> In protected mode, there is no subcode 4 available, as the VM has no
> more access to its memory from non-protected mode. I.e., only a IPL
> clear is possible.
>
> The error cases will all be handled in userspace.
>
> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
> Reviewed-by: Cornelia Huck <cohuck@xxxxxxxxxx>
> [borntraeger@xxxxxxxxxx: patch merging, splitting, fixing]
> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
> ---
> arch/s390/kvm/kvm-s390.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index 4a97d3b7840e..f96c1f530cc2 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -2621,6 +2621,11 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
> if (css_general_characteristics.aiv && test_facility(65))
> set_kvm_facility(kvm->arch.model.fac_mask, 65);
>
> + if (is_prot_virt_host()) {
> + set_kvm_facility(kvm->arch.model.fac_mask, 161);
> + set_kvm_facility(kvm->arch.model.fac_list, 161);
> + }
> +
Aren't these IPL subcodes completely emulated in QEMU? If so, rather
QEMU with support should enable them when the kernel capability for PV
(=== is_prot_virt_host()) is in place.
--
Thanks,
David / dhildenb
