• Claudio Imbrenda's avatar
    s390/mm: provide memory management functions for protected KVM guests · 214d9bbc
    Claudio Imbrenda authored
    This provides the basic ultravisor calls and page table handling to cope
    with secure guests:
    - provide arch_make_page_accessible
    - make pages accessible after unmapping of secure guests
    - provide the ultravisor commands convert to/from secure
    - provide the ultravisor commands pin/unpin shared
    - provide callbacks to make pages secure (inacccessible)
     - we check for the expected pin count to only make pages secure if the
       host is not accessing them
     - we fence hugetlbfs for secure pages
    - add missing radix-tree include into gmap.h
    
    The basic idea is that a page can have 3 states: secure, normal or
    shared. The hypervisor can call into a firmware function called
    ultravisor that allows to change the state of a page: convert from/to
    secure. The convert from secure will encrypt the page and make it
    available to the host and host I/O. The convert to secure will remove
    the host capability to access this page.
    The design is that on convert to secure we will wait until writeback and
    page refs are indicating no host usage. At the same time the convert
    from secure (export to host) will be called in common code when the
    refcount or the writeback bit is already set. This avoids races between
    convert from and to secure.
    
    Then there is also the concept of shared pages. Those are kind of secure
    where the host can still access those pages. We need to be notified when
    the guest "unshares" such a page, basically doing a convert to secure by
    then. There is a call "pin shared page" that we use instead of convert
    from secure when possible.
    
    We do use PG_arch_1 as an optimization to minimize the convert from
    secure/pin shared.
    
    Several comments have been added in the code to explain the logic in
    the relevant places.
    Co-developed-by: default avatarUlrich Weigand <Ulrich.Weigand@de.ibm.com>
    Signed-off-by: default avatarUlrich Weigand <Ulrich.Weigand@de.ibm.com>
    Signed-off-by: default avatarClaudio Imbrenda <imbrenda@linux.ibm.com>
    Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
    Acked-by: default avatarCornelia Huck <cohuck@redhat.com>
    Reviewed-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
    [borntraeger@de.ibm.com: patch merging, splitting, fixing]
    Signed-off-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
    214d9bbc
uv.c 8.03 KB