~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/virt/kvm/s390/s390-pv.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/virt/kvm/s390/s390-pv.rst (Version linux-6.12-rc7) and /Documentation/virt/kvm/s390/s390-pv.rst (Version linux-5.8.18)

  1 .. SPDX-License-Identifier: GPL-2.0               
  2                                                   
  3 =========================================         
  4 s390 (IBM Z) Ultravisor and Protected VMs         
  5 =========================================         
  6                                                   
  7 Summary                                           
  8 -------                                           
  9 Protected virtual machines (PVM) are KVM VMs t    
 10 access VM state like guest memory or guest reg    
 11 PVMs are mostly managed by a new entity called    
 12 provides an API that can be used by PVMs and K    
 13 actions.                                          
 14                                                   
 15 Each guest starts in non-protected mode and th    
 16 transition into protected mode. On transition,    
 17 and its VCPUs with the Ultravisor and prepares    
 18 it.                                               
 19                                                   
 20 The Ultravisor will secure and decrypt the gue    
 21 (i.e. kernel/initrd). It will safeguard state     
 22 starts/stops and injected interrupts while the    
 23                                                   
 24 As access to the guest's state, such as the SI    
 25 normally needed to be able to run a VM, some c    
 26 the behavior of the SIE instruction. A new for    
 27 has been introduced, where some fields have di    
 28 PVM. SIE exits are minimized as much as possib    
 29 reduce exposed guest state.                       
 30                                                   
 31                                                   
 32 Interrupt injection                               
 33 -------------------                               
 34 Interrupt injection is safeguarded by the Ultr    
 35 have access to the VCPUs' lowcores, injection     
 36 format 4 state description.                       
 37                                                   
 38 Machine check, external, IO and restart interr    
 39 injected on SIE entry via a bit in the interru    
 40 field (offset 0x54). If the guest cpu is not e    
 41 at the time of injection, a validity intercept    
 42 format 4 state description contains fields in     
 43 block where data associated with the interrupt    
 44                                                   
 45 Program and Service Call exceptions have anoth    
 46 safeguarding; they can only be injected for in    
 47 been intercepted into KVM. The exceptions need    
 48 of an instruction emulation by KVM, e.g. we ca    
 49 addressing exception as they are reported by S    
 50 access to the guest memory.                       
 51                                                   
 52                                                   
 53 Mask notification interceptions                   
 54 -------------------------------                   
 55 KVM cannot intercept lctl(g) and lpsw(e) anymo    
 56 notified when a PVM enables a certain class of    
 57 replacement, two new interception codes have b    
 58 indicating that the contents of CRs 0, 6, or 1    
 59 indicating different interruption subclasses;     
 60 PSW bit 13 has been changed, indicating that a    
 61 intervention was requested and those are now e    
 62                                                   
 63 Instruction emulation                             
 64 ---------------------                             
 65 With the format 4 state description for PVMs,     
 66 interprets more instructions than it does with    
 67 to interpret every instruction, but needs to h    
 68 therefore, the SIE and the ultravisor safeguar    
 69                                                   
 70 The control structures associated with SIE pro    
 71 Instruction Data Area (SIDA), the Interception    
 72 Secure Interception General Register Save Area    
 73 the instruction data, such as I/O data structu    
 74 Instruction data is copied to and from the SID    
 75 GRs are put into / retrieved from the Secure I    
 76 Register Save Area.                               
 77                                                   
 78 Only GR values needed to emulate an instructio    
 79 save area and the real register numbers will b    
 80                                                   
 81 The Interception Parameters state description     
 82 the bytes of the instruction text, but with pr    
 83 instead of the actual ones. I.e. each instruct    
 84 instruction text, in order not to leak guest i    
 85 This also implies that the register content th    
 86 may be in r<m> from the hypervisor's point of     
 87                                                   
 88 The Secure Instruction Data Area contains inst    
 89 data. Instruction data, i.e. data being refere    
 90 like the SCCB for sclp, is moved via the SIDA.    
 91 intercepted, the SIE will only allow data and     
 92 this instruction to be moved to the guest via     
 93 discussed before. Other data is either ignored    
 94 interceptions.                                    
 95                                                   
 96                                                   
 97 Instruction emulation interceptions               
 98 -----------------------------------               
 99 There are two types of SIE secure instruction     
100 and the notification type. Normal secure instr    
101 make the guest pending for instruction complet    
102 instruction type, i.e. on SIE entry it is atte    
103 emulation of the instruction with the data pro    
104 be a program exception or instruction completi    
105                                                   
106 The notification type intercepts inform KVM ab    
107 changes due to guest instruction interpretatio    
108 is recognized, for example, for the store pref    
109 the new lowcore location. On SIE reentry, any     
110 is ignored and execution continues as if the g    
111 completed. For that reason KVM is not allowed     
112 interrupt.                                        
113                                                   
114 Links                                             
115 -----                                             
116 `KVM Forum 2019 presentation <https://static.s
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php