On 25.02.20 17:22, Cornelia Huck wrote:
> On Mon, 24 Feb 2020 06:41:04 -0500
> Christian Borntraeger <borntraeger@xxxxxxxxxx> wrote:
>
>> From: Janosch Frank <frankja@xxxxxxxxxxxxx>
>>
>> Add documentation about protected KVM guests and description of changes
>> that are necessary to move a KVM VM into Protected Virtualization mode.
>>
>> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
>> [borntraeger@xxxxxxxxxx: fixing and conversion to rst]
>> Signed-off-by: Christian Borntraeger <borntraeger@xxxxxxxxxx>
>> ---
>> Documentation/virt/kvm/index.rst | 2 +
>> Documentation/virt/kvm/s390-pv-boot.rst | 83 +++++++++++++++++
>> Documentation/virt/kvm/s390-pv.rst | 116 ++++++++++++++++++++++++
>> MAINTAINERS | 1 +
>> 4 files changed, 202 insertions(+)
>> create mode 100644 Documentation/virt/kvm/s390-pv-boot.rst
>> create mode 100644 Documentation/virt/kvm/s390-pv.rst
>>
> (...)
>> diff --git a/Documentation/virt/kvm/s390-pv-boot.rst b/Documentation/virt/kvm/s390-pv-boot.rst
>> new file mode 100644
>> index 000000000000..b762df206ab7
>> --- /dev/null
>> +++ b/Documentation/virt/kvm/s390-pv-boot.rst
>> @@ -0,0 +1,83 @@ >> +.. SPDX-License-Identifier: GPL-2.0 >> + >> +====================================== >> +s390 (IBM Z) Boot/IPL of Protected VMs >> +====================================== >> + >> +Summary >> +------- >> +The memory of Protected Virtual Machines (PVMs) is not accessible to >> +I/O or the hypervisor. In those cases where the hypervisor needs to >> +access the memory of a PVM, that memory must be made accessible. >> +Memory made accessible to the hypervisor will be encrypted. See >> +:doc:`s390-pv` for details." >> + >> +On IPL (boot) a small plaintext bootloader is started, which provides >> +information about the encrypted components and necessary metadata to >> +KVM to decrypt the protected virtual machine. >> + >> +Based on this data, KVM will make the protected virtual machine known >> +to the Ultravisor(UV) and instruct it to secure the memory of the PVM, > > s/Ultravisor(UV)/Ultravisor (UV)/ ack > >> +decrypt the components and verify the data and address list hashes, to >> +ensure integrity. Afterwards KVM can run the PVM via the SIE >> +instruction which the UV will intercept and execute on KVM's behalf. > (...) >> +Subcodes 4 and 7, which specify operations that do not clear the guest >> +memory, will result in specification exceptions. This is because the >> +UV will clear all memory when a secure VM is removed, and therefore >> +non-clearing IPL subcodes are not allowed." > > stray '"' ack > > (...) >> diff --git a/Documentation/virt/kvm/s390-pv.rst b/Documentation/virt/kvm/s390-pv.rst >> new file mode 100644 >> index 000000000000..27fe03eaeaad >> --- /dev/null >> +++ b/Documentation/virt/kvm/s390-pv.rst 
>> @@ -0,0 +1,116 @@ >> +.. SPDX-License-Identifier: GPL-2.0 >> + >> +========================================= >> +s390 (IBM Z) Ultravisor and Protected VMs >> +========================================= >> + >> +Summary >> +------- >> +Protected virtual machines (PVM) are KVM VMs that do not allow KVM to >> +access VM state like guest memory or guest registers. Instead, the >> +PVMs are mostly managed by a new entity called Ultravisor (UV). The UV >> +provides an API that can be used by PVMs and KVM to request management >> +actions. >> + >> +Each guest starts in the non-protected mode and then may make a > > s/in the/in/ ack. > >> +request to transition into protected mode. On transition, KVM >> +registers the guest and its VCPUs with the Ultravisor and prepares >> +everything for running it. > (...) >> + >> +Mask notification interceptions >> +------------------------------- >> +In order to be notified when a PVM enables a certain class of >> +interrupt, KVM cannot intercept lctl(g) and lpsw(e) anymore. As a > > "KVM cannot intercept (...) in order to notified..." might read a bit > better. ok. >> +replacement, two new interception codes have been introduced: One >> +indicating that the contents of CRs 0, 6, or 14 have been changed, >> +indicating different interruption subclasses; and one indicating that >> +PSW bit 13 has been changed, indicating that a machine check >> +intervention was requested and those are now enabled. >> + >> +Instruction emulation >> +--------------------- >> +With the format 4 state description for PVMs, the SIE instruction already >> +interprets more instructions than it does with format 2. It is not able >> +to interpret every instruction, but needs to hand some tasks to KVM; >> +therefore, the SIE and the ultravisor safeguard emulation inputs and outputs. 
>> + >> +The control structures associated with SIE provide the Secure >> +Instruction Data Area (SIDA), the Interception Parameters (IP) and the >> +Secure Interception General Register Save Area. Guest GRs and most of >> +the instruction data, such as I/O data structures, are filtered. >> +Instruction data is copied to and from the Secure Instruction Data >> +Area (SIDA) when needed. Guest GRs are put into / retrieved from the > > I think you can use 'SIDA' directly the second time. ack > >> +Secure Interception General Register Save Area. > > (...) > > Otherwise, > Reviewed-by: Cornelia Huck <cohuck@xxxxxxxxxx> >
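Review bot: In the Summary of s390-pv-boot.rst there is a second stray '"' at the end of ':doc:`s390-pv` for details."', of the same kind as the one already flagged after "non-clearing IPL subcodes are not allowed."; drop that one too. In the IPL paragraph of the same file, "provides information about the encrypted components and necessary metadata to KVM to decrypt the protected virtual machine" reads as if KVM performs the decryption, while the following paragraph says KVM makes the PVM known to the Ultravisor and instructs it to decrypt the components and verify the hashes; suggest wording like "metadata that KVM hands to the Ultravisor so that it can decrypt the protected virtual machine", so the trust boundary the Summary states (the hypervisor cannot access PVM memory) is described consistently.

Review bot: In s390-pv.rst, "Ultravisor" is capitalised throughout both files except in "the SIE and the ultravisor safeguard emulation inputs and outputs" at the end of the Instruction emulation paragraph; make it consistent. In the same section, "Guest GRs and most of the instruction data, such as I/O data structures, are filtered" does not say who does the filtering or what it means for KVM; given the Summary's statement that KVM cannot access guest memory or registers, consider spelling out that KVM only works on the copies placed in the SIDA and the Secure Interception General Register Save Area rather than on the guest's real registers and memory, since that is the property this section documents. Minor: the sentence in Mask notification interceptions uses "indicating" four times; something like "One for a change to CRs 0, 6, or 14 (different interruption subclasses), and one for a change to PSW bit 13 (a machine check intervention was requested and those are now enabled)" reads more easily.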