[v2,10/42] KVM: s390: protvirt: Add KVM api documentation

Message ID	20200214222658.12946-11-borntraeger@de.ibm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=AN0r=4C=vger.kernel.org=kvm-owner@kernel.org> From: Christian Borntraeger <borntraeger@de.ibm.com> To: Christian Borntraeger <borntraeger@de.ibm.com>, Janosch Frank <frankja@linux.vnet.ibm.com> Cc: KVM <kvm@vger.kernel.org>, Cornelia Huck <cohuck@redhat.com>, David Hildenbrand <david@redhat.com>, Thomas Huth <thuth@redhat.com>, Ulrich Weigand <Ulrich.Weigand@de.ibm.com>, Claudio Imbrenda <imbrenda@linux.ibm.com>, linux-s390 <linux-s390@vger.kernel.org>, Michael Mueller <mimu@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, Janosch Frank <frankja@linux.ibm.com> Subject: [PATCH v2 10/42] KVM: s390: protvirt: Add KVM api documentation Date: Fri, 14 Feb 2020 17:26:26 -0500 Message-Id: <20200214222658.12946-11-borntraeger@de.ibm.com> In-Reply-To: <20200214222658.12946-1-borntraeger@de.ibm.com> References: <20200214222658.12946-1-borntraeger@de.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	KVM: s390: Add support for protected VMs \| expand [v2,00/42] KVM: s390: Add support for protected VMs [v2,01/42] mm:gup/writeback: add callbacks for inaccessible pages [v2,02/42] KVM: s390/interrupt: do not pin adapter interrupt pages [v2,03/42] s390/protvirt: introduce host side setup [v2,04/42] s390/protvirt: add ultravisor initialization [v2,05/42] s390/mm: provide memory management functions for protected KVM guests [v2,06/42] s390/mm: add (non)secure page access exceptions handlers [v2,07/42] KVM: s390: protvirt: Add UV debug trace [v2,08/42] KVM: s390: add new variants of UV CALL [v2,09/42] KVM: s390: protvirt: Add initial vm and cpu lifecycle handling [v2,10/42] KVM: s390: protvirt: Add KVM api documentation [v2,11/42] KVM: s390: protvirt: Secure memory is not mergeable [v2,12/42] KVM: s390/mm: Make pages accessible before destroying the guest [v2,13/42] KVM: s390: protvirt: Handle SE notification interceptions [v2,14/42] KVM: s390: protvirt: Instruction emulation [v2,15/42] KVM: s390: protvirt: Add interruption injection controls [v2,16/42] KVM: s390: protvirt: Implement interruption injection [v2,17/42] KVM: s390: protvirt: Add SCLP interrupt handling [v2,18/42] KVM: s390: protvirt: Handle spec exception loops [v2,19/42] KVM: s390: protvirt: Add new gprs location handling [v2,20/42] KVM: S390: protvirt: Introduce instruction data area bounce buffer [v2,21/42] KVM: s390: protvirt: handle secure guest prefix pages [v2,22/42] KVM: s390/mm: handle guest unpin events [v2,23/42] KVM: s390: protvirt: Write sthyi data to instruction data area [v2,24/42] KVM: s390: protvirt: STSI handling [v2,25/42] KVM: s390: protvirt: disallow one_reg [v2,26/42] KVM: s390: protvirt: Do only reset registers that are accessible [v2,27/42] KVM: s390: protvirt: Only sync fmt4 registers [v2,28/42] KVM: s390: protvirt: Add program exception injection [v2,29/42] KVM: s390: protvirt: Add diag 308 subcode 8 - 10 handling [v2,30/42] KVM: s390: protvirt: UV calls in support of diag308 0, 1 [v2,31/42] KVM: s390: protvirt: Report CPU state to Ultravisor [v2,32/42] KVM: s390: protvirt: Support cmd 5 operation state [v2,33/42] KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and 112 [v2,34/42] KVM: s390: protvirt: do not inject interrupts after start [v2,35/42] KVM: s390: protvirt: Add UV cpu reset calls [v2,36/42] DOCUMENTATION: Protected virtual machine introduction and IPL [v2,37/42] s390/uv: Fix handling of length extensions (already in s390 tree) [v2,38/42] s390: protvirt: Add sysfs firmware interface for Ultravisor information [v2,39/42] example for future extension: mm:gup/writeback: add callbacks for inaccessible pages: er… [v2,40/42] example for future extension: mm:gup/writeback: add callbacks for inaccessible pages: so… [v2,41/42] potential fixup for "s390/mm: provide memory management functions for protected KVM gues… [v2,42/42] KVM: s390: rstify new ioctls in api.rst

Message ID

20200214222658.12946-11-borntraeger@de.ibm.com (mailing list archive)

State

New, archived

Headers

From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>,
        Janosch Frank <frankja@linux.vnet.ibm.com>
Cc: KVM <kvm@vger.kernel.org>, Cornelia Huck <cohuck@redhat.com>,
        David Hildenbrand <david@redhat.com>,
        Thomas Huth <thuth@redhat.com>,
        Ulrich Weigand <Ulrich.Weigand@de.ibm.com>,
        Claudio Imbrenda <imbrenda@linux.ibm.com>,
        linux-s390 <linux-s390@vger.kernel.org>,
        Michael Mueller <mimu@linux.ibm.com>,
        Vasily Gorbik <gor@linux.ibm.com>,
        Janosch Frank <frankja@linux.ibm.com>
Subject: [PATCH v2 10/42] KVM: s390: protvirt: Add KVM api documentation
Date: Fri, 14 Feb 2020 17:26:26 -0500
Message-Id: <20200214222658.12946-11-borntraeger@de.ibm.com>
In-Reply-To: <20200214222658.12946-1-borntraeger@de.ibm.com>
References: <20200214222658.12946-1-borntraeger@de.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

KVM: s390: Add support for protected VMs | expand

Commit Message

Christian Borntraeger Feb. 14, 2020, 10:26 p.m. UTC

From: Janosch Frank <frankja@linux.ibm.com>

Add documentation for KVM_CAP_S390_PROTECTED capability and the
KVM_S390_PV_COMMAND and KVM_S390_PV_COMMAND_VCPU ioctls.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
[borntraeger@de.ibm.com: patch merging, splitting, fixing]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 Documentation/virt/kvm/api.rst | 69 ++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 97a72a53fa4b..cb58714fe60d 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -4646,6 +4646,68 @@  the clear cpu reset definition in the POP. However, the cpu is not put
 into ESA mode. This reset is a superset of the initial reset.
 
 
+4.125 KVM_S390_PV_COMMAND
+-------------------------
+
+:Capability: KVM_CAP_S390_PROTECTED
+:Architectures: s390
+:Type: vm ioctl
+:Parameters: struct kvm_pv_cmd
+:Returns: 0 on success, < 0 on error
+
+::
+
+  struct kvm_pv_cmd {
+	__u32 cmd;	/* Command to be executed */
+	__u16 rc;	/* Ultravisor return code */
+	__u16 rrc;	/* Ultravisor return reason code */
+	__u64 data;	/* Data or address */
+	__u32 flags;    /* flags for future extensions. Must be 0 for now */
+	__u32 reserved[3];
+  };
+
+cmd values:
+
+KVM_PV_VM_CREATE
+  Allocate memory and register the VM with the Ultravisor, thereby
+  donating memory to the Ultravisor making it inaccessible to KVM.
+
+KVM_PV_VM_DESTROY
+  Deregisters the VM from the Ultravisor and frees memory that was
+  donated, so the kernel can use it again. All registered VCPUs have to
+  be unregistered beforehand and all memory has to be exported or
+  shared.
+
+KVM_PV_VM_SET_SEC_PARMS
+  Pass the image header from VM memory to the Ultravisor in
+  preparation of image unpacking and verification.
+
+KVM_PV_VM_UNPACK
+  Unpack (protect and decrypt) a page of the encrypted boot image.
+
+KVM_PV_VM_VERIFY
+  Verify the integrity of the unpacked image. Only if this succeeds,
+  KVM is allowed to start protected VCPUs.
+
+4.126 KVM_S390_PV_COMMAND_VCPU
+------------------------------
+
+:Capability: KVM_CAP_S390_PROTECTED
+:Architectures: s390
+:Type: vcpu ioctl
+:Parameters: struct kvm_pv_cmd
+:Returns: 0 on success, < 0 on error
+
+cmd values:
+
+KVM_PV_VCPU_CREATE
+  Allocate memory and register a VCPU with the Ultravisor, thereby
+  donating memory to the Ultravisor making it inaccessible to KVM.
+
+KVM_PV_VCPU_DESTROY
+  Unregisters the VCPU from the Ultravisor and frees memory that was
+  donated, so the kernel can use it again.
+
 5. The kvm_run structure
 ========================
 
@@ -6024,3 +6086,10 @@  Architectures: s390
 
 This capability indicates that the KVM_S390_NORMAL_RESET and
 KVM_S390_CLEAR_RESET ioctls are available.
+
+8.23 KVM_CAP_S390_PROTECTED
+
+Architecture: s390
+
+This capability indicates that KVM can start protected VMs and the
+Ultravisor has therefore been initialized.

[v2,10/42] KVM: s390: protvirt: Add KVM api documentation

Commit Message

Patch