Commit 5d0545ab authored by Janosch Frank

Merge remote-tracking branch 'vfio-ap' into next

The Secure Execution AP support makes it possible for SE VMs to
securely use APQNs without a third party being able to snoop IO. VMs
first bind to an APQN to securely attach it, which grants protected key
crypto function access. Afterwards they can associate the APQN, which
grants them clear key crypto function access. Once bound, the APQNs are
not accessible to the host until a reset is performed.

The vfio-ap patches being merged here provide the base hypervisor
Secure Execution / Protected Virtualization AP support. This includes
proper handling of APQNs that are securely attached to a SE/PV guest
especially regarding resets.
parents 642dbc03 f88fb133
+3 −0
@@ -1028,6 +1028,9 @@ static inline int sie64a(struct kvm_s390_sie_block *sie_block, u64 *rsa)

extern char sie_exit;

bool kvm_s390_pv_is_protected(struct kvm *kvm);
bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu);

extern int kvm_s390_gisc_register(struct kvm *kvm, u32 gisc);
extern int kvm_s390_gisc_unregister(struct kvm *kvm, u32 gisc);

+6 −0
@@ -463,6 +463,7 @@ static inline int is_prot_virt_host(void)
	return prot_virt_host;
}

int uv_pin_shared(unsigned long paddr);
int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb);
int gmap_destroy_page(struct gmap *gmap, unsigned long gaddr);
int uv_destroy_owned_page(unsigned long paddr);
@@ -475,6 +476,11 @@ void setup_uv(void);
#define is_prot_virt_host() 0
static inline void setup_uv(void) {}

static inline int uv_pin_shared(unsigned long paddr)
{
	return 0;
}

static inline int uv_destroy_owned_page(unsigned long paddr)
{
	return 0;
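Review bot: The new `uv_pin_shared()` stub in the `#define is_prot_virt_host() 0` branch returns 0, the same value the real implementation returns after a successful pin, so a caller cannot tell "pinned" from "nothing was done". That matches the neighbouring `uv_destroy_owned_page()` stub and is presumably safe because no protected guest can exist in this configuration, but the assumption is not written down anywhere in the hunk. I would add a one-line comment above the stub, e.g. `/* No Ultravisor support built in: there is nothing to pin, so report success. */`. The body of the `uv_destroy_owned_page()` stub continues past the end of this hunk.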
+2 −1
@@ -88,7 +88,7 @@ void __init setup_uv(void)
 * Requests the Ultravisor to pin the page in the shared state. This will
 * cause an intercept when the guest attempts to unshare the pinned page.
 */
static int uv_pin_shared(unsigned long paddr)
int uv_pin_shared(unsigned long paddr)
{
	struct uv_cb_cfs uvcb = {
		.header.cmd = UVC_CMD_PIN_PAGE_SHARED,
@@ -100,6 +100,7 @@ static int uv_pin_shared(unsigned long paddr)
		return -EINVAL;
	return 0;
}
EXPORT_SYMBOL_GPL(uv_pin_shared);

/*
 * Requests the Ultravisor to destroy a guest page and make it
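Review bot: The comment above `uv_pin_shared()` is still a plain block comment that says nothing about the return value or about `paddr`, which was tolerable for a file-local helper but is thin for a symbol that `EXPORT_SYMBOL_GPL` now offers to modules. Converting it to kernel-doc would close that gap: a `@paddr:` line stating which address is expected, and a line such as `Return: 0 on success, -EINVAL if the Ultravisor call fails`. From the visible lines every failure appears to be folded into `-EINVAL`; the condition sits between the two hunks, so whether the Ultravisor's own return code reaches callers cannot be confirmed here and is worth stating in the comment either way.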
+0 −12
@@ -270,18 +270,6 @@ static inline u64 kvm_s390_pv_cpu_get_handle(struct kvm_vcpu *vcpu)
	return vcpu->arch.pv.handle;
}

static inline bool kvm_s390_pv_is_protected(struct kvm *kvm)
{
	lockdep_assert_held(&kvm->lock);
	return !!kvm_s390_pv_get_handle(kvm);
}

static inline bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu)
{
	lockdep_assert_held(&vcpu->mutex);
	return !!kvm_s390_pv_cpu_get_handle(vcpu);
}

/* implemented in interrupt.c */
int kvm_s390_handle_wait(struct kvm_vcpu *vcpu);
void kvm_s390_vcpu_wakeup(struct kvm_vcpu *vcpu);
+14 −0
@@ -18,6 +18,20 @@
#include <linux/mmu_notifier.h>
#include "kvm-s390.h"

bool kvm_s390_pv_is_protected(struct kvm *kvm)
{
	lockdep_assert_held(&kvm->lock);
	return !!kvm_s390_pv_get_handle(kvm);
}
EXPORT_SYMBOL_GPL(kvm_s390_pv_is_protected);

bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu)
{
	lockdep_assert_held(&vcpu->mutex);
	return !!kvm_s390_pv_cpu_get_handle(vcpu);
}
EXPORT_SYMBOL_GPL(kvm_s390_pv_cpu_is_protected);

/**
 * struct pv_vm_to_be_destroyed - Represents a protected VM that needs to
 * be destroyed
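Review bot: `kvm_s390_pv_is_protected()` and `kvm_s390_pv_cpu_is_protected()` carry no documentation of their locking contract, and `lockdep_assert_held()` is the only enforcement, which checks nothing on kernels built without lockdep. As static inlines in the header they were removed from that was acceptable; as `EXPORT_SYMBOL_GPL` symbols meant, per the commit message, for the vfio-ap code, the requirement should be written out. I would add kernel-doc to both, stating that `kvm->lock` (respectively `vcpu->mutex`) must be held by the caller, e.g. `Context: caller must hold kvm->lock; the result may be stale once the lock is dropped.` This matters for any caller that decides how to reset or release a securely bound queue based on the return value. The same wording would fit the two prototypes added to the shared header earlier in this commit.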