.. SPDX-License-Identifier: GPL-2.0

=========================================
s390 (IBM Z) Ultravisor and Protected VMs
=========================================

Summary
-------
Protected virtual machines (PVM) are KVM VMs that do not allow KVM to
access VM state like guest memory or guest registers. Instead, the
PVMs are mostly managed by a new entity called Ultravisor (UV). The UV
provides an API that can be used by PVMs and KVM to request management
actions.

Each guest starts in non-protected mode and then may make a request to
transition into protected mode. On transition, KVM registers the guest
and its VCPUs with the Ultravisor and prepares everything for running
it.

The Ultravisor will secure and decrypt the guest's boot memory
(i.e. kernel/initrd). It will safeguard state changes like VCPU
starts/stops and injected interrupts while the guest is running.

As access to the guest's state, such as the SIE state description, is
normally needed to be able to run a VM, some changes have been made in
the behavior of the SIE instruction. A new format 4 state description
has been introduced, where some fields have different meanings for a
PVM. SIE exits are minimized as much as possible to improve speed and
reduce exposed guest state.


Interrupt injection
-------------------
Interrupt injection is safeguarded by the Ultravisor. As KVM doesn't
have access to the VCPUs' lowcores, injection is handled via the
format 4 state description.

Machine check, external, IO and restart interruptions each can be
injected on SIE entry via a bit in the interrupt injection control
field (offset 0x54). If the guest cpu is not enabled for the interrupt
at the time of injection, a validity interception is recognized. The
format 4 state description contains fields in the interception data
block where data associated with the interrupt can be transported.

Program and Service Call exceptions have another layer of
safeguarding: they can only be injected for instructions that have
been intercepted into KVM. The exception needs to be a valid outcome
of the instruction emulation done by KVM. For example, KVM can never
inject an addressing exception, since those are reported by SIE itself
and KVM has no access to the guest memory to detect one.


Mask notification interceptions
-------------------------------
KVM can no longer intercept lctl(g) and lpsw(e) in order to be
notified when a PVM enables a certain class of interrupt. As a
replacement, two new interception codes have been introduced: one
indicating that the contents of CRs 0, 6, or 14 have been changed,
i.e. that different interruption subclasses are now enabled; and one
indicating that PSW bit 13 has been changed, i.e. that machine checks,
for which an intervention was requested, are now enabled.

Instruction emulation
---------------------
With the format 4 state description for PVMs, the SIE instruction already
interprets more instructions than it does with format 2. It is not able
to interpret every instruction, but needs to hand some tasks to KVM;
therefore, the SIE and the ultravisor safeguard emulation inputs and outputs.

The control structures associated with SIE provide the Secure
Instruction Data Area (SIDA), the Interception Parameters (IP) and the
Secure Interception General Register Save Area. Guest GRs and most of
the instruction data, such as I/O data structures, are filtered.
Instruction data is copied to and from the SIDA when needed. Guest
GRs are put into / retrieved from the Secure Interception General
Register Save Area.

Only GR values needed to emulate an instruction will be copied into this
save area and the real register numbers will be hidden.
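To make the filtering described in this section concrete, the following
toy model, added to this document and not part of the kernel or the
Ultravisor, shows what the hypervisor gets to see on a secure instruction
intercept and what flows back on re-entry: the instruction text with
pre-set register numbers, a general register save area indexed by operand
slot rather than by guest register number, and a copy of the referenced
storage block in the SIDA. The struct layouts, field names, the canonical
register numbers 1 and 2, the two-byte "opcode, r1, r2" encoding, the
UV-private bookkeeping fields and the bounds checks are assumptions made
for illustration; the real format 4 state description, s390 instruction
formats and SIDA layout are not reproduced.

```c
/*
 * Added example, not kernel or Ultravisor code: a toy model of the data
 * filtering applied on a secure instruction intercept. Struct layouts,
 * field names, canonical register numbers and the 2-byte "opcode, r1, r2"
 * encoding are assumptions made for illustration only.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_GRS   16
#define MEM_SIZE  256
#define SIDA_SIZE 64

/* Real guest state; the hypervisor never holds a pointer to this. */
struct guest_cpu {
	uint64_t gr[NUM_GRS];
	uint8_t  mem[MEM_SIZE];    /* stand-in for the guest's secure memory */
};

/* The hypervisor-visible view of one intercepted instruction. */
struct secure_intercept {
	uint8_t  ip[2];            /* Interception Parameters: rewritten text */
	uint64_t gr_save[2];       /* GR save area, indexed by operand slot   */
	uint8_t  sida[SIDA_SIZE];  /* Secure Instruction Data Area            */
	size_t   sida_len;
	/* Assumed UV-private bookkeeping, not exposed to the hypervisor. */
	uint8_t  real_r[2];        /* guest GRs behind the two slots          */
	uint64_t sida_addr;        /* guest address the SIDA block came from  */
};

/* Assumed canonical register numbers written into the instruction text. */
#define CANON_R1 1
#define CANON_R2 2

/*
 * UV side, on SIE exit: build the hypervisor's view of "opcode r1,r2".
 * If storage_len is non-zero, r2 addresses a storage block of that many
 * bytes (think of the SCCB for sclp) which is copied into the SIDA.
 * Returns 0 on success, -1 if the block fits neither SIDA nor guest memory.
 */
static int uv_build_intercept(const struct guest_cpu *cpu,
			      const uint8_t text[2], size_t storage_len,
			      struct secure_intercept *out)
{
	uint8_t r1 = text[1] >> 4, r2 = text[1] & 0x0f;

	memset(out, 0, sizeof(*out));
	out->real_r[0] = r1;
	out->real_r[1] = r2;

	/* Same opcode, same text: the register fields are always pre-set. */
	out->ip[0] = text[0];
	out->ip[1] = (CANON_R1 << 4) | CANON_R2;

	/* Only the operand registers are exposed, by slot, not by number. */
	out->gr_save[0] = cpu->gr[r1];
	out->gr_save[1] = cpu->gr[r2];

	if (storage_len) {
		uint64_t addr = cpu->gr[r2];

		if (storage_len > SIDA_SIZE || addr >= MEM_SIZE ||
		    storage_len > MEM_SIZE - addr)
			return -1;
		memcpy(out->sida, &cpu->mem[addr], storage_len);
		out->sida_len  = storage_len;
		out->sida_addr = addr;
	}
	return 0;
}

/*
 * UV side, on SIE re-entry after KVM emulated the instruction: move the
 * slot values back into the registers they came from and the SIDA back
 * to the original storage block. No other guest state is touched.
 */
static void uv_complete_intercept(struct guest_cpu *cpu,
				  const struct secure_intercept *in)
{
	cpu->gr[in->real_r[0]] = in->gr_save[0];
	cpu->gr[in->real_r[1]] = in->gr_save[1];
	if (in->sida_len)
		memcpy(&cpu->mem[in->sida_addr], in->sida, in->sida_len);
}

/* Hypervisor side: do two intercepts carry identical instruction text? */
static int hv_same_text(const struct secure_intercept *a,
			const struct secure_intercept *b)
{
	return memcmp(a->ip, b->ip, sizeof(a->ip)) == 0;
}

int main(void)
{
	struct guest_cpu cpu = { 0 };
	struct secure_intercept ic;
	const uint8_t text[2] = { 0xAA, 0x7c };  /* made-up opcode, r1=7, r2=12 */

	cpu.gr[7] = 0x1111;
	cpu.gr[12] = 0x10;                       /* r12 points at the block */
	memcpy(&cpu.mem[0x10], "REQ", 3);
	if (uv_build_intercept(&cpu, text, 8, &ic))
		return 1;
	printf("KVM sees text %02x %02x, slot0=%#llx, SIDA=%.3s\n",
	       ic.ip[0], ic.ip[1], (unsigned long long)ic.gr_save[0], ic.sida);
	ic.gr_save[0] = 0x2222;                  /* KVM's emulation result */
	memcpy(ic.sida, "RESP", 4);
	uv_complete_intercept(&cpu, &ic);
	printf("guest r7=%#llx, block=%.4s\n",
	       (unsigned long long)cpu.gr[7], &cpu.mem[0x10]);
	return 0;
}
```

The point to take from the model is that emulation code for a PVM must
address operands by slot: the register numbers parsed from the
intercepted text are always the canonical ones and say nothing about
which guest register the value came from, and data only reaches the
guest through the save area and the SIDA on the paths the UV controls.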

The Interception Parameters state description field still contains
the bytes of the instruction text, but with pre-set register values
instead of the actual ones, i.e. each instruction always uses the same
instruction text, in order not to leak guest instruction text.
This also implies that the register content that a guest had in r<n>
may be in r<m> from the hypervisor's point of view.

The Secure Instruction Data Area contains instruction storage
data. Instruction data, i.e. data being referenced by an instruction
like the SCCB for sclp, is moved via the SIDA. When an instruction is
intercepted, the SIE will only allow data and program interrupts for
this instruction to be moved to the guest via the two data areas
discussed before. Other data is either ignored or results in validity
interceptions.


Instruction emulation interceptions
-----------------------------------
There are two types of SIE secure instruction intercepts: the normal
and the notification type. A normal secure instruction intercept
leaves the guest pending for completion of the intercepted
instruction, i.e. on SIE entry an attempt is made to complete
emulation of the instruction with the data provided by KVM. The
outcome may be a program exception or instruction completion.

The notification type intercepts inform KVM about guest environment
changes due to guest instruction interpretation. Such an interception
is recognized, for example, for the store prefix instruction to provide
the new lowcore location. On SIE reentry, any KVM data in the data areas
is ignored and execution continues as if the guest instruction had
completed. For that reason KVM is not allowed to inject a program
interrupt.

Links
-----
`KVM Forum 2019 presentation <https://static.sched.com/hosted_files/kvmforum2019/3b/ibm_protected_vms_s390x.pdf>`_