diff options
| author | Janosch Frank <frankja@linux.ibm.com> | 2023-08-28 09:26:35 +0000 |
|---|---|---|
| committer | Janosch Frank <frankja@linux.ibm.com> | 2023-08-28 09:26:35 +0000 |
| commit | 5d0545abee3a39e2946e6587475504f3ebab3ae3 (patch) | |
| tree | 6791e785bda7e35214af215f7bb790347dfce85e /arch/s390/kvm | |
| parent | 642dbc0312d67781dabf97a70b43810165f21527 (diff) | |
| parent | f88fb1335733029b4630fb93cfaad349a81e57b2 (diff) | |
| download | linux-stable-5d0545abee3a39e2946e6587475504f3ebab3ae3.tar.gz linux-stable-5d0545abee3a39e2946e6587475504f3ebab3ae3.tar.bz2 linux-stable-5d0545abee3a39e2946e6587475504f3ebab3ae3.zip | |
Merge remote-tracking branch 'vfio-ap' into next
The Secure Execution AP support makes it possible for SE VMs to
securely use APQNs without a third party being able to snoop IO. VMs
first bind to an APQN to securely attach it and granting protected key
crypto function access. Afterwards they can associate the APQN which
grants them clear key crypto function access. Once bound the APQNs are
not accessible to the host until a reset is performed.
The vfio-ap patches being merged here provide the base hypervisor
Secure Execution / Protected Virtualization AP support. This includes
proper handling of APQNs that are securely attached to a SE/PV guest
especially regarding resets.
Diffstat (limited to 'arch/s390/kvm')
| -rw-r--r-- | arch/s390/kvm/kvm-s390.h | 12 | ||||
| -rw-r--r-- | arch/s390/kvm/pv.c | 14 |
2 files changed, 14 insertions, 12 deletions
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h index 0261d42c7d01..a7ea80cfa445 100644 --- a/arch/s390/kvm/kvm-s390.h +++ b/arch/s390/kvm/kvm-s390.h @@ -270,18 +270,6 @@ static inline u64 kvm_s390_pv_cpu_get_handle(struct kvm_vcpu *vcpu) return vcpu->arch.pv.handle; } -static inline bool kvm_s390_pv_is_protected(struct kvm *kvm) -{ - lockdep_assert_held(&kvm->lock); - return !!kvm_s390_pv_get_handle(kvm); -} - -static inline bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu) -{ - lockdep_assert_held(&vcpu->mutex); - return !!kvm_s390_pv_cpu_get_handle(vcpu); -} - /* implemented in interrupt.c */ int kvm_s390_handle_wait(struct kvm_vcpu *vcpu); void kvm_s390_vcpu_wakeup(struct kvm_vcpu *vcpu); diff --git a/arch/s390/kvm/pv.c b/arch/s390/kvm/pv.c index 2f34c7c3c5ab..856140e9942e 100644 --- a/arch/s390/kvm/pv.c +++ b/arch/s390/kvm/pv.c @@ -18,6 +18,20 @@ #include <linux/mmu_notifier.h> #include "kvm-s390.h" +bool kvm_s390_pv_is_protected(struct kvm *kvm) +{ + lockdep_assert_held(&kvm->lock); + return !!kvm_s390_pv_get_handle(kvm); +} +EXPORT_SYMBOL_GPL(kvm_s390_pv_is_protected); + +bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu) +{ + lockdep_assert_held(&vcpu->mutex); + return !!kvm_s390_pv_cpu_get_handle(vcpu); +} +EXPORT_SYMBOL_GPL(kvm_s390_pv_cpu_is_protected); + /** * struct pv_vm_to_be_destroyed - Represents a protected VM that needs to * be destroyed |