Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp517461ybm; Mon, 20 May 2019 21:53:01 -0700 (PDT) X-Google-Smtp-Source: APXvYqxQBDdAfAy40nwDE4Uynp5xt/M8K6pVUqYa+qPlh68UzaN1+9/JhyQuL7AmtnYVSVEnBVdn X-Received: by 2002:a62:5653:: with SMTP id k80mr83733428pfb.144.1558414381556; Mon, 20 May 2019 21:53:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558414381; cv=none; d=google.com; s=arc-20160816; b=EW65fXxwMlvFk7555J32+pfKZhE6jTp25vTdX4JkejhhYZqk3NJ391jus8jm1uoYRJ YrK4zN3xrN6UJHrBov8vv/6xRs7RgKtMr9XT+EX6LJhwZddZmYVK7DzcTcjQpXzr+gTx CCCLHOvTFeHBKmBISCzhUYZ2xMVCNaljC5dEoc04Vn7oXT2whqafIzdNlmfuGGE1rWYD e0krKHYF0t04SNPNtFWVPjwxQ69xN4pdTC4wI+au5Qpj2bzv6XMgETmjP24yGr1p9XBC tyDMWllV0+d4YIUDSLPQqCPHxW417TiZ2leKyL+zKIQ7feT+bph6s8SDQFRyeJgrFOp1 pLQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:subject:cc:to:from; bh=Y5sPnVIufmtEe8yTP17h+kUSmx1xESV1TmhKSUKwWls=; b=M/TgBbUbTwx3tFWK5fjSTVzujUc1P22mcf0UygsFAyD1AueOJsrOnrxtzDsZ81cdcx K/8a2nMh5T1x4kNrveqcPmFE7clJY5gyKmygvsFJJt5LwEGbxjCUnTms9+raBILxsR9u +XPd1RiiwK8FDv0o2gwh80EPullckswSN0llq5NGYyDfXCh7R4N4nx0OYoS/y+H3/xf5 p3rvGRotvY1LOojs7ugHhgrV1tUVTFxSBgvFwyfk+5eYSpn1n004NhqjzoaGKVEdV03v WLCvAaorhX5/IGWd+EJKfH97tzs8Sy7NRKZxGJvk4S2gOE19mNWXF3G+bxEsIXL/F1Xz QJXQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g97si20595402plb.70.2019.05.20.21.52.46; Mon, 20 May 2019 21:53:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727302AbfEUEvf (ORCPT + 99 others); Tue, 21 May 2019 00:51:35 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:46392 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725793AbfEUEvf (ORCPT ); Tue, 21 May 2019 00:51:35 -0400 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x4L4lTpi104613 for ; Tue, 21 May 2019 00:51:34 -0400 Received: from e32.co.us.ibm.com (e32.co.us.ibm.com [32.97.110.150]) by mx0a-001b2d01.pphosted.com with ESMTP id 2sm9c12b67-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 21 May 2019 00:51:33 -0400 Received: from localhost by e32.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 21 May 2019 05:51:33 +0100 Received: from b03cxnp08026.gho.boulder.ibm.com (9.17.130.18) by e32.co.us.ibm.com (192.168.1.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 21 May 2019 05:51:29 +0100 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x4L4pR1Q60817558 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 21 May 2019 04:51:27 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 8BD76C6055; Tue, 21 May 2019 04:51:27 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D99B4C6062; Tue, 21 May 2019 04:51:09 +0000 (GMT) Received: from morokweng.localdomain.com (unknown [9.80.203.157]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Tue, 21 May 2019 04:51:09 +0000 (GMT) From: Thiago Jung Bauermann To: linuxppc-dev@lists.ozlabs.org Cc: linux-kernel@vger.kernel.org, Alexey Kardashevskiy , Anshuman Khandual , Benjamin Herrenschmidt , Christoph Hellwig , Michael Ellerman , Mike Anderson , Paul Mackerras , Ram Pai , Claudio Carvalho , Thiago Jung Bauermann Subject: [PATCH 01/12] powerpc/pseries: Introduce option to build secure virtual machines Date: Tue, 21 May 2019 01:49:01 -0300 X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190521044912.1375-1-bauerman@linux.ibm.com> References: <20190521044912.1375-1-bauerman@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19052104-0004-0000-0000-000015120A26 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00011134; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000286; SDB=6.01206342; UDB=6.00633450; IPR=6.00987310; MB=3.00026980; MTD=3.00000008; XFM=3.00000015; UTC=2019-05-21 04:51:31 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19052104-0005-0000-0000-00008BBE4BA3 Message-Id: <20190521044912.1375-2-bauerman@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2019-05-20_09:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905210030 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Introduce CONFIG_PPC_SVM to control support for secure guests and include Ultravisor-related helpers when it is selected Signed-off-by: Thiago Jung Bauermann --- arch/powerpc/include/asm/ultravisor.h | 2 +- arch/powerpc/kernel/Makefile | 4 +++- arch/powerpc/platforms/pseries/Kconfig | 12 ++++++++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/include/asm/ultravisor.h b/arch/powerpc/include/asm/ultravisor.h index 4ffec7a36acd..09e0a615d96f 100644 --- a/arch/powerpc/include/asm/ultravisor.h +++ b/arch/powerpc/include/asm/ultravisor.h @@ -28,7 +28,7 @@ extern int early_init_dt_scan_ultravisor(unsigned long node, const char *uname, * This call supports up to 6 arguments and 4 return arguments. Use * UCALL_BUFSIZE to size the return argument buffer. */ -#if defined(CONFIG_PPC_UV) +#if defined(CONFIG_PPC_UV) || defined(CONFIG_PPC_SVM) long ucall(unsigned long opcode, unsigned long *retbuf, ...); #else static long ucall(unsigned long opcode, unsigned long *retbuf, ...) diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 43ff4546e469..1e9b721634c8 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -154,7 +154,9 @@ endif obj-$(CONFIG_EPAPR_PARAVIRT) += epapr_paravirt.o epapr_hcalls.o obj-$(CONFIG_KVM_GUEST) += kvm.o kvm_emul.o -obj-$(CONFIG_PPC_UV) += ultravisor.o ucall.o +ifneq ($(CONFIG_PPC_UV)$(CONFIG_PPC_SVM),) +obj-y += ultravisor.o ucall.o +endif # Disable GCOV, KCOV & sanitizers in odd or sensitive code GCOV_PROFILE_prom_init.o := n diff --git a/arch/powerpc/platforms/pseries/Kconfig b/arch/powerpc/platforms/pseries/Kconfig index 9c6b3d860518..82c16aa4f1ce 100644 --- a/arch/powerpc/platforms/pseries/Kconfig +++ b/arch/powerpc/platforms/pseries/Kconfig @@ -144,3 +144,15 @@ config PAPR_SCM tristate "Support for the PAPR Storage Class Memory interface" help Enable access to hypervisor provided storage class memory. + +config PPC_SVM + bool "Secure virtual machine (SVM) support for POWER" + depends on PPC_PSERIES + default n + help + Support secure guests on POWER. There are certain POWER platforms which + support secure guests using the Protected Execution Facility, with the + help of an Ultravisor executing below the hypervisor layer. This + enables the support for those guests. + + If unsure, say "N".