• Janosch Frank's avatar
    KVM: s390: Add configuration dump functionality · 0460eb35
    Janosch Frank authored
    Sometimes dumping inside of a VM fails, is unavailable or doesn't
    yield the required data. For these occasions we dump the VM from the
    outside, writing memory and cpu data to a file.
    
    Up to now PV guests only supported dumping from the inside of the
    guest through dumpers like KDUMP. A PV guest can be dumped from the
    hypervisor but the data will be stale and / or encrypted.
    
    To get the actual state of the PV VM we need the help of the
    Ultravisor who safeguards the VM state. New UV calls have been added
    to initialize the dump, dump storage state data, dump cpu data and
    complete the dump process. We expose these calls in this patch via a
    new UV ioctl command.
    
    The sensitive parts of the dump data are encrypted, the dump key is
    derived from the Customer Communication Key (CCK). This ensures that
    only the owner of the VM who has the CCK can decrypt the dump data.
    
    The memory is dumped / read via a normal export call and a re-import
    after the dump initialization is not needed (no re-encryption with a
    dump key).
    Signed-off-by: default avatarJanosch Frank <frankja@linux.ibm.com>
    Reviewed-by: default avatarClaudio Imbrenda <imbrenda@linux.ibm.com>
    Link: https://lore.kernel.org/r/20220517163629.3443-7-frankja@linux.ibm.com
    Message-Id: <20220517163629.3443-7-frankja@linux.ibm.com>
    Signed-off-by: default avatarChristian Borntraeger <borntraeger@linux.ibm.com>
    0460eb35
kvm-s390.h 16.2 KB