[v3,10/37] KVM: s390: protvirt: Add KVM api documentation

Message ID	20200220104020.5343-11-borntraeger@de.ibm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=rqLM=4I=vger.kernel.org=kvm-owner@kernel.org> From: Christian Borntraeger <borntraeger@de.ibm.com> To: Christian Borntraeger <borntraeger@de.ibm.com>, Janosch Frank <frankja@linux.vnet.ibm.com> Cc: KVM <kvm@vger.kernel.org>, Cornelia Huck <cohuck@redhat.com>, David Hildenbrand <david@redhat.com>, Thomas Huth <thuth@redhat.com>, Ulrich Weigand <Ulrich.Weigand@de.ibm.com>, Claudio Imbrenda <imbrenda@linux.ibm.com>, linux-s390 <linux-s390@vger.kernel.org>, Michael Mueller <mimu@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, Janosch Frank <frankja@linux.ibm.com> Subject: [PATCH v3 10/37] KVM: s390: protvirt: Add KVM api documentation Date: Thu, 20 Feb 2020 05:39:53 -0500 Message-Id: <20200220104020.5343-11-borntraeger@de.ibm.com> In-Reply-To: <20200220104020.5343-1-borntraeger@de.ibm.com> References: <20200220104020.5343-1-borntraeger@de.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: kvm-owner@vger.kernel.org Precedence: bulk
Series	KVM: s390: Add support for protected VMs \| expand [v3,00/37] KVM: s390: Add support for protected VMs [v3,01/37] mm:gup/writeback: add callbacks for inaccessible pages [v3,02/37] KVM: s390/interrupt: do not pin adapter interrupt pages [v3,03/37] s390/protvirt: introduce host side setup [v3,04/37] s390/protvirt: add ultravisor initialization [v3,05/37] s390/mm: provide memory management functions for protected KVM guests [v3,06/37] s390/mm: add (non)secure page access exceptions handlers [v3,07/37] KVM: s390: protvirt: Add UV debug trace [v3,08/37] KVM: s390: add new variants of UV CALL [v3,09/37] KVM: s390: protvirt: Add initial vm and cpu lifecycle handling [v3,10/37] KVM: s390: protvirt: Add KVM api documentation [v3,11/37] KVM: s390: protvirt: Secure memory is not mergeable [v3,12/37] KVM: s390/mm: Make pages accessible before destroying the guest [v3,13/37] KVM: s390: protvirt: Handle SE notification interceptions [v3,14/37] KVM: s390: protvirt: Instruction emulation [v3,15/37] KVM: s390: protvirt: Implement interrupt injection [v3,16/37] KVM: s390: protvirt: Add SCLP interrupt handling [v3,17/37] KVM: s390: protvirt: Handle spec exception loops [v3,18/37] KVM: s390: protvirt: Add new gprs location handling [v3,19/37] KVM: S390: protvirt: Introduce instruction data area bounce buffer [v3,20/37] KVM: s390: protvirt: handle secure guest prefix pages [v3,21/37] KVM: s390/mm: handle guest unpin events [v3,22/37] KVM: s390: protvirt: Write sthyi data to instruction data area [v3,23/37] KVM: s390: protvirt: STSI handling [v3,24/37] KVM: s390: protvirt: disallow one_reg [v3,25/37] KVM: s390: protvirt: Do only reset registers that are accessible [v3,26/37] KVM: s390: protvirt: Only sync fmt4 registers [v3,27/37] KVM: s390: protvirt: Add program exception injection [v3,28/37] KVM: s390: protvirt: UV calls in support of diag308 0, 1 [v3,29/37] KVM: s390: protvirt: Report CPU state to Ultravisor [v3,30/37] KVM: s390: protvirt: Support cmd 5 operation state [v3,31/37] KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and 112 [v3,32/37] KVM: s390: protvirt: do not inject interrupts after start [v3,33/37] KVM: s390: protvirt: Add UV cpu reset calls [v3,34/37] DOCUMENTATION: Protected virtual machine introduction and IPL [v3,35/37] s390: protvirt: Add sysfs firmware interface for Ultravisor information [v3,36/37] KVM: s390: rstify new ioctls in api.rst [v3,37/37] KVM: s390: protvirt: introduce and enable KVM_CAP_S390_PROTECTED

Message ID

20200220104020.5343-11-borntraeger@de.ibm.com (mailing list archive)

State

New, archived

Headers

From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Christian Borntraeger <borntraeger@de.ibm.com>,
        Janosch Frank <frankja@linux.vnet.ibm.com>
Cc: KVM <kvm@vger.kernel.org>, Cornelia Huck <cohuck@redhat.com>,
        David Hildenbrand <david@redhat.com>,
        Thomas Huth <thuth@redhat.com>,
        Ulrich Weigand <Ulrich.Weigand@de.ibm.com>,
        Claudio Imbrenda <imbrenda@linux.ibm.com>,
        linux-s390 <linux-s390@vger.kernel.org>,
        Michael Mueller <mimu@linux.ibm.com>,
        Vasily Gorbik <gor@linux.ibm.com>,
        Janosch Frank <frankja@linux.ibm.com>
Subject: [PATCH v3 10/37] KVM: s390: protvirt: Add KVM api documentation
Date: Thu, 20 Feb 2020 05:39:53 -0500
Message-Id: <20200220104020.5343-11-borntraeger@de.ibm.com>
In-Reply-To: <20200220104020.5343-1-borntraeger@de.ibm.com>
References: <20200220104020.5343-1-borntraeger@de.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: kvm-owner@vger.kernel.org
Precedence: bulk

Series

KVM: s390: Add support for protected VMs | expand

Commit Message

Christian Borntraeger Feb. 20, 2020, 10:39 a.m. UTC

From: Janosch Frank <frankja@linux.ibm.com>

Add documentation for KVM_CAP_S390_PROTECTED capability and the
KVM_S390_PV_COMMAND and KVM_S390_PV_COMMAND_VCPU ioctls.

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
[borntraeger@de.ibm.com: patch merging, splitting, fixing]
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 Documentation/virt/kvm/api.rst | 52 ++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

Comments

David Hildenbrand Feb. 20, 2020, 1:05 p.m. UTC | #1

On 20.02.20 11:39, Christian Borntraeger wrote:
> From: Janosch Frank <frankja@linux.ibm.com>
> 
> Add documentation for KVM_CAP_S390_PROTECTED capability and the
> KVM_S390_PV_COMMAND and KVM_S390_PV_COMMAND_VCPU ioctls.

Outdated.

I suggest moving this after "[PATCH v3 37/37] KVM: s390: protvirt:
introduce and enable KVM_CAP_S390_PROTECTED" or even squashing it into
that one.

> 
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> [borntraeger@de.ibm.com: patch merging, splitting, fixing]
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
>  Documentation/virt/kvm/api.rst | 52 ++++++++++++++++++++++++++++++++++
>  1 file changed, 52 insertions(+)
> 
> diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
> index 97a72a53fa4b..77e1edfe5d4c 100644
> --- a/Documentation/virt/kvm/api.rst
> +++ b/Documentation/virt/kvm/api.rst
> @@ -4646,6 +4646,51 @@ the clear cpu reset definition in the POP. However, the cpu is not put
>  into ESA mode. This reset is a superset of the initial reset.
>  
>  
> +4.125 KVM_S390_PV_COMMAND
> +-------------------------
> +
> +:Capability: KVM_CAP_S390_PROTECTED
> +:Architectures: s390
> +:Type: vm ioctl
> +:Parameters: struct kvm_pv_cmd
> +:Returns: 0 on success, < 0 on error
> +
> +::
> +
> +  struct kvm_pv_cmd {
> +	__u32 cmd;	/* Command to be executed */
> +	__u16 rc;	/* Ultravisor return code */
> +	__u16 rrc;	/* Ultravisor return reason code */
> +	__u64 data;	/* Data or address */
> +	__u32 flags;    /* flags for future extensions. Must be 0 for now */
> +	__u32 reserved[3];
> +  };
> +
> +cmd values:
> +
> +KVM_PV_ENABLE
> +  Allocate memory and register the VM with the Ultravisor, thereby
> +  donating memory to the Ultravisor making it inaccessible to KVM.
> +  Also converts all existing CPUs to protected ones. Future hotplug
> +  CPUs will become protected during creation.
> +
> +KVM_PV_DISABLE
> +  Deregisters the VM from the Ultravisor and frees memory that was
> +  donated, so the kernel can use it again. All registered VCPUs are
> +  converted back to non-protected ones.
> +
> +KVM_PV_VM_SET_SEC_PARMS
> +  Pass the image header from VM memory to the Ultravisor in
> +  preparation of image unpacking and verification.
> +
> +KVM_PV_VM_UNPACK
> +  Unpack (protect and decrypt) a page of the encrypted boot image.
> +
> +KVM_PV_VM_VERIFY
> +  Verify the integrity of the unpacked image. Only if this succeeds,
> +  KVM is allowed to start protected VCPUs.
> +
> +
>  5. The kvm_run structure
>  ========================
>  
> @@ -6024,3 +6069,10 @@ Architectures: s390
>  
>  This capability indicates that the KVM_S390_NORMAL_RESET and
>  KVM_S390_CLEAR_RESET ioctls are available.
> +
> +8.23 KVM_CAP_S390_PROTECTED
> +
> +Architecture: s390
> +
> +This capability indicates that KVM can start protected VMs and the
> +Ultravisor has therefore been initialized.
> 

Maybe document that KVM_S390_PV_COMMAND and the new MP is available.
Also maybe that MP commands can now fail.

Christian Borntraeger Feb. 20, 2020, 1:55 p.m. UTC | #2

On 20.02.20 14:05, David Hildenbrand wrote:
> On 20.02.20 11:39, Christian Borntraeger wrote:
>> From: Janosch Frank <frankja@linux.ibm.com>
>>
>> Add documentation for KVM_CAP_S390_PROTECTED capability and the
>> KVM_S390_PV_COMMAND and KVM_S390_PV_COMMAND_VCPU ioctls.
> 
> Outdated.

ACK.

> 
> I suggest moving this after "[PATCH v3 37/37] KVM: s390: protvirt:
> introduce and enable KVM_CAP_S390_PROTECTED" or even squashing it into
> that one.

Will move at the end. 

[...]

>> +8.23 KVM_CAP_S390_PROTECTED
>> +
>> +Architecture: s390
>> +
>> +This capability indicates that KVM can start protected VMs and the
>> +Ultravisor has therefore been initialized.
>>
> 
> Maybe document that KVM_S390_PV_COMMAND and the new MP is available.
> Also maybe that MP commands can now fail.

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index faca9977cbe7..7faf32b92d8c 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -6081,3 +6081,6 @@ Architecture: s390
 
 This capability indicates that KVM can start protected VMs and the
 Ultravisor has therefore been initialized.
+This will provide the new KVM_S390_PV_COMMAND ioctl and it will allow
+KVM_MP_STATE_LOAD as new MP_STATE. KVM_SET_MP_STATE can now fail for
+protected guests when the state change is invalid.

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 97a72a53fa4b..77e1edfe5d4c 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -4646,6 +4646,51 @@  the clear cpu reset definition in the POP. However, the cpu is not put
 into ESA mode. This reset is a superset of the initial reset.
 
 
+4.125 KVM_S390_PV_COMMAND
+-------------------------
+
+:Capability: KVM_CAP_S390_PROTECTED
+:Architectures: s390
+:Type: vm ioctl
+:Parameters: struct kvm_pv_cmd
+:Returns: 0 on success, < 0 on error
+
+::
+
+  struct kvm_pv_cmd {
+	__u32 cmd;	/* Command to be executed */
+	__u16 rc;	/* Ultravisor return code */
+	__u16 rrc;	/* Ultravisor return reason code */
+	__u64 data;	/* Data or address */
+	__u32 flags;    /* flags for future extensions. Must be 0 for now */
+	__u32 reserved[3];
+  };
+
+cmd values:
+
+KVM_PV_ENABLE
+  Allocate memory and register the VM with the Ultravisor, thereby
+  donating memory to the Ultravisor making it inaccessible to KVM.
+  Also converts all existing CPUs to protected ones. Future hotplug
+  CPUs will become protected during creation.
+
+KVM_PV_DISABLE
+  Deregisters the VM from the Ultravisor and frees memory that was
+  donated, so the kernel can use it again. All registered VCPUs are
+  converted back to non-protected ones.
+
+KVM_PV_VM_SET_SEC_PARMS
+  Pass the image header from VM memory to the Ultravisor in
+  preparation of image unpacking and verification.
+
+KVM_PV_VM_UNPACK
+  Unpack (protect and decrypt) a page of the encrypted boot image.
+
+KVM_PV_VM_VERIFY
+  Verify the integrity of the unpacked image. Only if this succeeds,
+  KVM is allowed to start protected VCPUs.
+
+
 5. The kvm_run structure
 ========================
 
@@ -6024,3 +6069,10 @@  Architectures: s390
 
 This capability indicates that the KVM_S390_NORMAL_RESET and
 KVM_S390_CLEAR_RESET ioctls are available.
+
+8.23 KVM_CAP_S390_PROTECTED
+
+Architecture: s390
+
+This capability indicates that KVM can start protected VMs and the
+Ultravisor has therefore been initialized.

[v3,10/37] KVM: s390: protvirt: Add KVM api documentation

Commit Message

Comments

Patch