From patchwork Mon Feb 24 11:40:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Borntraeger X-Patchwork-Id: 11400217 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C200E17E0 for ; Mon, 24 Feb 2020 11:41:16 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 7ED272082F for ; Mon, 24 Feb 2020 11:41:16 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7ED272082F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=de.ibm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 9E2076B0005; Mon, 24 Feb 2020 06:41:15 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 96C246B0006; Mon, 24 Feb 2020 06:41:15 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 80D936B0008; Mon, 24 Feb 2020 06:41:15 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0132.hostedemail.com [216.40.44.132]) by kanga.kvack.org (Postfix) with ESMTP id 630E56B0006 for ; Mon, 24 Feb 2020 06:41:15 -0500 (EST) Received: from smtpin11.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 1D5688248076 for ; Mon, 24 Feb 2020 11:41:15 +0000 (UTC) X-FDA: 76524829710.11.straw55_4509cbaecb106 X-Spam-Summary: 2,0,0,67d01429b0dfcc21,d41d8cd98f00b204,borntraeger@de.ibm.com,,RULES_HIT:1:2:41:69:355:379:541:967:968:973:982:988:989:1260:1261:1311:1314:1345:1437:1515:1605:1730:1747:1777:1792:1801:2198:2199:2393:2525:2538:2559:2564:2682:2685:2693:2859:2892:2899:2901:2904:2911:2933:2937:2939:2942:2945:2947:2951:2954:3022:3138:3139:3140:3141:3142:3865:3866:3867:3868:3870:3871:3872:3873:3874:3934:3936:3938:3941:3944:3947:3950:3953:3956:3959:4052:4250:4425:4605:4837:5007:6117:6119:6261:6742:7875:7903:8568:8603:8634:8660:8784:8985:9010:9025:10004:11026:11218:11232:11473:11657:11658:11914:12043:12296:12297:12438:12555:12663:12679:12683:12895:13019:13146:13148:13161:13229:13230:13894:13972:14096:14394:21063:21067:21080:21220:21433:21451:21627:21740:21796:30012:30025:30026:30030:30036:30045:30054:30067:30070:30075,0,RBL:148.163.156.1:@de.ibm.com:.lbl8.mailshell.net-62.2.0.100 64.100.201.201,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fp,MSBL:0,D NSBL:neu X-HE-Tag: straw55_4509cbaecb106 X-Filterd-Recvd-Size: 13374 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by imf09.hostedemail.com (Postfix) with ESMTP for ; Mon, 24 Feb 2020 11:41:14 +0000 (UTC) Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 01OBck2O114993; Mon, 24 Feb 2020 06:41:13 -0500 Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com with ESMTP id 2yax37hm39-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 24 Feb 2020 06:41:12 -0500 Received: from m0098393.ppops.net (m0098393.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 01OBfCUV120356; Mon, 24 Feb 2020 06:41:12 -0500 Received: from ppma02dal.us.ibm.com (a.bd.3ea9.ip4.static.sl-reverse.com [169.62.189.10]) by mx0a-001b2d01.pphosted.com with ESMTP id 2yax37hm2k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 24 Feb 2020 06:41:12 -0500 Received: from pps.filterd (ppma02dal.us.ibm.com [127.0.0.1]) by ppma02dal.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 01OBZBYd031965; Mon, 24 Feb 2020 11:41:11 GMT Received: from b01cxnp22033.gho.pok.ibm.com (b01cxnp22033.gho.pok.ibm.com [9.57.198.23]) by ppma02dal.us.ibm.com with ESMTP id 2yaux6fuqe-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 24 Feb 2020 11:41:11 +0000 Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106]) by b01cxnp22033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 01OBf9QW34079156 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 24 Feb 2020 11:41:09 GMT Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7CF7728059; Mon, 24 Feb 2020 11:41:09 +0000 (GMT) Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5F98028058; Mon, 24 Feb 2020 11:41:09 +0000 (GMT) Received: from localhost.localdomain (unknown [9.114.17.106]) by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP; Mon, 24 Feb 2020 11:41:09 +0000 (GMT) From: Christian Borntraeger To: Christian Borntraeger , Janosch Frank , Andrew Morton Cc: KVM , Cornelia Huck , David Hildenbrand , Thomas Huth , Ulrich Weigand , Claudio Imbrenda , linux-s390 , Michael Mueller , Vasily Gorbik , Andrea Arcangeli , linux-mm@kvack.org Subject: [PATCH v4 00/36] KVM: s390: Add support for protected VMs Date: Mon, 24 Feb 2020 06:40:31 -0500 Message-Id: <20200224114107.4646-1-borntraeger@de.ibm.com> X-Mailer: git-send-email 2.25.0 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.572 definitions=2020-02-24_02:2020-02-21,2020-02-24 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 impostorscore=0 bulkscore=0 spamscore=0 suspectscore=0 mlxlogscore=999 priorityscore=1501 lowpriorityscore=0 clxscore=1015 phishscore=0 malwarescore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2001150001 definitions=main-2002240099 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: mm-related patches CCed on linux-mm, the complete list can be found on the KVM and linux-s390 list. Andrew, any chance to take " mm:gup/writeback: add callbacks for inaccessible pages" for 5.7? I can then carry the s390/kvm part. There is no build dependency on this patch (just a logical one). As an alternative I can take an ack and carry that patch myself. This series contains a "pretty small" common code memory management change that will allow paging, guest backing with files etc almost just like normal VMs. It should be a no-op for all architectures not opting in. And it should be usable for others that also try to get notified on "the pages are in the process of being used for things like I/O". This time I included error handling and an ACK from Will Deacon as well as a Reviewed-by: from David Hildenbrand. This patch will be used by "[PATCH v4 05/36] s390/mm: provide memory management functions for protected KVM guests". We need to call into the "make accessible" architecture function when the refcount is already increased the writeback bit is set. This will make sure that we do not call the reverse function (convert to secure) until the host operation has finished. Overview -------- Protected VMs (PVM) are KVM VMs, where KVM can't access the VM's state like guest memory and guest registers anymore. Instead the PVMs are mostly managed by a new entity called Ultravisor (UV), which provides an API, so KVM and the PV can request management actions. PVMs are encrypted at rest and protected from hypervisor access while running. They switch from a normal operation into protected mode, so we can still use the standard boot process to load a encrypted blob and then move it into protected mode. Rebooting is only possible by passing through the unprotected/normal mode and switching to protected again. All patches are in the protvirtv4 branch of the korg s390 kvm git https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux.git/log/?h=protvirtv6 Claudio presented the technology at his presentation at KVM Forum 2019. https://static.sched.com/hosted_files/kvmforum2019/3b/ibm_protected_vms_s390x.pdf v3 -> v4: general ------- - copyright updates - Reviewedby + acked by tags KVM: s390/interrupt: do not pin adapter interrupt pages ------------------------------------------------------- - more comments - get rid of now obsolete adapter parameter s390/mm: provide memory management functions for protected KVM guests --------------------------------------------------------------------- - improved patch description KVM: s390: protvirt: Add initial vm and cpu lifecycle handling -------------------------------------------------------------- - rework tweak logic to not use an array - remove _VM_ part of the subfunction names of PV_COMMAND - merge alloc/create/destroy/dealloc into init/deinit - handle cmma deallocation on failures - rework error handling to pass along the first rc/rrc if VCPU or VM CREATE/DESTROY fails This was tested successfully with error injection and tracing. We do not deallocate on destroy failure and we pass along the first rc/rrc when vcpu destroy fails. KVM: s390: protvirt: Add KVM api documentation ----------------------------------------------- - mention new MP_STATE - remove "old" interfaces that are no longer in the previous patch - move to the end KVM: s390: protvirt: Secure memory is not mergeable --------------------------------------------------- - rebase on new lifecycle patch KVM: s390: protvirt: UV calls in support of diag308 0,1 ------------------------------------------------------- - remove _VM_ part of the subfunction names of PV_COMMAND KVM: s390: rstify new ioctls in api.rst --------------------------------------- - removed from this patch queue v2 -> v3 - rebase against v5.6-rc2 - move some checks into the callers - typo fixes - extend UV query size - do a tlb flush when entering/exiting protected mode - more comments - change interface to PV_ENABLE/DISABLE instead of vcpu/vm create/destroy - lockdep checks for *is_protected calls - locking improments - move facility 161 to qemu - checkpatch fixes - merged error handling in mm patch - removed vcpu pv commands - use mp_state for setting the IPL PSW v1 -> v2 - rebase on top of kvm/master - pipe through rc and rrc. This might have created some churn here and there - turn off sclp masking when rebooting into "unsecure" - memory management simplification - prefix page handling now via intercept 112 - io interrupt intervention request fix (do not use GISA) - api.txt conversion to rst - sample patches on top of mm/gup/writeback - tons of review feedback - kvm_uv debug feature fixes and unifications - ultravisor information for /sys/firmware - RFCv2 -> v1 (you can diff the protvirtv2 and the protvirtv3 branch) - tons of review feedback integrated (see mail thread) - memory management now complete and working - Documentation patches merged - interrupt patches merged - CONFIG_KVM_S390_PROTECTED_VIRTUALIZATION_HOST removed - SIDA interface integrated into memop - for merged patches I removed reviews that were not in all patches Christian Borntraeger (4): KVM: s390/mm: Make pages accessible before destroying the guest KVM: s390: protvirt: Add SCLP interrupt handling KVM: s390: protvirt: do not inject interrupts after start KVM: s390: protvirt: introduce and enable KVM_CAP_S390_PROTECTED Claudio Imbrenda (3): mm/gup/writeback: add callbacks for inaccessible pages s390/mm: provide memory management functions for protected KVM guests KVM: s390/mm: handle guest unpin events Janosch Frank (24): KVM: s390: protvirt: Add UV debug trace KVM: s390: add new variants of UV CALL KVM: s390: protvirt: Add initial vm and cpu lifecycle handling KVM: s390: protvirt: Secure memory is not mergeable KVM: s390: protvirt: Handle SE notification interceptions KVM: s390: protvirt: Instruction emulation KVM: s390: protvirt: Handle spec exception loops KVM: s390: protvirt: Add new gprs location handling KVM: S390: protvirt: Introduce instruction data area bounce buffer KVM: s390: protvirt: handle secure guest prefix pages KVM: s390: protvirt: Write sthyi data to instruction data area KVM: s390: protvirt: STSI handling KVM: s390: protvirt: disallow one_reg KVM: s390: protvirt: Do only reset registers that are accessible KVM: s390: protvirt: Only sync fmt4 registers KVM: s390: protvirt: Add program exception injection KVM: s390: protvirt: UV calls in support of diag308 0, 1 KVM: s390: protvirt: Report CPU state to Ultravisor KVM: s390: protvirt: Support cmd 5 operation state KVM: s390: protvirt: Mask PSW interrupt bits for interception 104 and 112 KVM: s390: protvirt: Add UV cpu reset calls DOCUMENTATION: Protected virtual machine introduction and IPL s390: protvirt: Add sysfs firmware interface for Ultravisor information KVM: s390: protvirt: Add KVM api documentation Michael Mueller (1): KVM: s390: protvirt: Implement interrupt injection Ulrich Weigand (1): KVM: s390/interrupt: do not pin adapter interrupt pages Vasily Gorbik (3): s390/protvirt: introduce host side setup s390/protvirt: add ultravisor initialization s390/mm: add (non)secure page access exceptions handlers .../admin-guide/kernel-parameters.txt | 5 + Documentation/virt/kvm/api.rst | 61 +- Documentation/virt/kvm/devices/s390_flic.rst | 11 +- Documentation/virt/kvm/index.rst | 2 + Documentation/virt/kvm/s390-pv-boot.rst | 83 +++ Documentation/virt/kvm/s390-pv.rst | 116 ++++ MAINTAINERS | 1 + arch/s390/boot/Makefile | 2 +- arch/s390/boot/uv.c | 21 +- arch/s390/include/asm/gmap.h | 6 + arch/s390/include/asm/kvm_host.h | 113 +++- arch/s390/include/asm/mmu.h | 2 + arch/s390/include/asm/mmu_context.h | 1 + arch/s390/include/asm/page.h | 5 + arch/s390/include/asm/pgtable.h | 35 +- arch/s390/include/asm/uv.h | 252 ++++++++- arch/s390/kernel/Makefile | 1 + arch/s390/kernel/pgm_check.S | 4 +- arch/s390/kernel/setup.c | 9 +- arch/s390/kernel/uv.c | 413 ++++++++++++++ arch/s390/kvm/Makefile | 2 +- arch/s390/kvm/diag.c | 6 +- arch/s390/kvm/intercept.c | 117 +++- arch/s390/kvm/interrupt.c | 399 +++++++------ arch/s390/kvm/kvm-s390.c | 532 +++++++++++++++--- arch/s390/kvm/kvm-s390.h | 51 +- arch/s390/kvm/priv.c | 13 +- arch/s390/kvm/pv.c | 298 ++++++++++ arch/s390/mm/fault.c | 78 +++ arch/s390/mm/gmap.c | 65 ++- include/linux/gfp.h | 6 + include/uapi/linux/kvm.h | 43 +- mm/gup.c | 15 +- mm/page-writeback.c | 5 + 34 files changed, 2461 insertions(+), 312 deletions(-) create mode 100644 Documentation/virt/kvm/s390-pv-boot.rst create mode 100644 Documentation/virt/kvm/s390-pv.rst create mode 100644 arch/s390/kernel/uv.c create mode 100644 arch/s390/kvm/pv.c