[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v10 03/16] s390x: protvirt: Support unpack facility
|
From: |
Janosch Frank |
|
Subject: |
Re: [PATCH v10 03/16] s390x: protvirt: Support unpack facility |
|
Date: |
Thu, 19 Mar 2020 12:55:51 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 |
On 3/19/20 12:08 PM, Cornelia Huck wrote:
> On Wed, 18 Mar 2020 10:30:34 -0400
> Janosch Frank <address@hidden> wrote:
>
>> The unpack facility provides the means to setup a protected guest. A
>> protected guest cannot be introspected by the hypervisor or any
>> user/administrator of the machine it is running on.
>>
>> Protected guests are encrypted at rest and need a special boot
>> mechanism via diag308 subcode 8 and 10.
>>
>> Code 8 sets the PV specific IPLB which is retained separately from
>> those set via code 5.
>>
>> Code 10 is used to unpack the VM into protected memory, verify its
>> integrity and start it.
>>
>> Signed-off-by: Janosch Frank <address@hidden>
>> Co-developed-by: Christian Borntraeger <address@hidden> [Changes
>> to machine]
>> Reviewed-by: David Hildenbrand <address@hidden>
>> Reviewed-by: Claudio Imbrenda <address@hidden>
>> ---
>> hw/s390x/Makefile.objs | 1 +
>> hw/s390x/ipl.c | 59 +++++++++++++-
>> hw/s390x/ipl.h | 91 ++++++++++++++++++++-
>> hw/s390x/pv.c | 98 +++++++++++++++++++++++
>
> More of an aside: In MAINTAINERS, this new file will be covered by the
> general s390x section, the tcg section, and the s390-ccw-virtio machine
> section, but not by the kvm section. Do we want to tweak that?
@Christian?
>
>> hw/s390x/s390-virtio-ccw.c | 119 +++++++++++++++++++++++++++-
>> include/hw/s390x/pv.h | 55 +++++++++++++
>> include/hw/s390x/s390-virtio-ccw.h | 1 +
>> target/s390x/cpu.c | 2 +
>> target/s390x/cpu_features_def.inc.h | 1 +
>> target/s390x/diag.c | 39 ++++++++-
>> target/s390x/kvm-stub.c | 5 ++
>> target/s390x/kvm.c | 5 ++
>> target/s390x/kvm_s390x.h | 1 +
>> 13 files changed, 467 insertions(+), 10 deletions(-)
>> create mode 100644 hw/s390x/pv.c
>> create mode 100644 include/hw/s390x/pv.h
>
> (...)
>
>> diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
>> index 3dd396e870357944..84029f14814b4980 100644
>> --- a/target/s390x/cpu.c
>> +++ b/target/s390x/cpu.c
>> @@ -37,6 +37,8 @@
>> #include "sysemu/hw_accel.h"
>> #include "hw/qdev-properties.h"
>> #ifndef CONFIG_USER_ONLY
>> +#include "hw/s390x/s390-virtio-ccw.h"
>> +#include "hw/s390x/pv.h"
>
> These are probably needed because of some inline stuff dragging
> definitions in?
Good catch.
pv.h is needed for s390_is_pv()
But since pv.h includes s390-virtio-ccw.h I can remove it.
I'll throw this through the CI to make sure it works on all s390x
compile targets
>
>> #include "hw/boards.h"
>> #include "sysemu/arch_init.h"
>> #include "sysemu/sysemu.h"
>
> Reviewed-by: Cornelia Huck <address@hidden>
>
Thanks
signature.asc
Description: OpenPGP digital signature
- [PATCH v10 00/16] s390x: Protected Virtualization support, Janosch Frank, 2020/03/18
- [PATCH v10 02/16] Sync pv, Janosch Frank, 2020/03/18
- [PATCH v10 05/16] s390x: protvirt: Inhibit balloon when switching to protected mode, Janosch Frank, 2020/03/18
- [PATCH v10 04/16] s390x: protvirt: Add migration blocker, Janosch Frank, 2020/03/18
- [PATCH v10 06/16] s390x: protvirt: KVM intercept changes, Janosch Frank, 2020/03/18
- [PATCH v10 07/16] s390x: Add SIDA memory ops, Janosch Frank, 2020/03/18
- [PATCH v10 03/16] s390x: protvirt: Support unpack facility, Janosch Frank, 2020/03/18
[PATCH v10 09/16] s390x: protvirt: SCLP interpretation, Janosch Frank, 2020/03/18
[PATCH v10 11/16] s390x: protvirt: Move diag 308 data over SIDA, Janosch Frank, 2020/03/18
[PATCH v10 10/16] s390x: protvirt: Set guest IPL PSW, Janosch Frank, 2020/03/18