[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v9 14/15] docs: Add protvirt docs
|
From: |
David Hildenbrand |
|
Subject: |
Re: [PATCH v9 14/15] docs: Add protvirt docs |
|
Date: |
Wed, 11 Mar 2020 17:16:06 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 |
I don't have to warn you that I am not a native speaker ;)
> +Prerequisites
> +-------------
> +
> +To run PVMs a machine with the Protected Virtualization feature
PVMs, a
> +which is indicated by the Ultravisor Call facility (stfle bit
, which ..., is required
> +158) is required. The Ultravisor needs to be initialized at boot by
> +setting `prot_virt=1` on the kernel command line.
> +
> +If those requirements are met, the capability `KVM_CAP_S390_PROTECTED`
> +will indicate that KVM can support PVMs on that LPAR.
> +
> +
> +QEMU Settings
> +-------------
> +
> +To indicate to the VM that it can transition into protected mode, the
> +`Unpack facility` (stfle bit 161 represented by the feature
> +`S390_FEAT_UNPACK`) needs to be part of the cpu model of the VM.
maybe mention the feature name instead of S390_FEAT_UNPACK ? "unpack"
> +
> +All I/O devices need to use the IOMMU.
need to/have to ?
> +Passthrough (vfio) devices are currently not supported.
Does that have to be fenced or will they simply not be detected/not work?
> +
> +Host huge page backings are not supported. However guests can use huge
> +pages as indicated by its facilities.
Maybe mention what will happen if huge pages are used.
> +
> +
> +Boot Process
> +------------
> +
> +A secure guest image can either be loaded from disk or supplied on the
> +QEMU command line. Booting from disk is done by the unmodified
> +s390-ccw BIOS. I.e., the bootmap is interpreted, multiple components
> +are read into memory and control is transferred to one of the
> +components (zipl stage3). Stag3 does some fixups and then transfers
> +control to some program residing in guest memory, which is normally
> +the OS kernel. The secure image has another component prepended
> +(stage3a) that uses the new diag308 subcodes 8 and 10 to trigger the
> +transition into secure mode.
> +
> +Booting from the image supplied via the QEMU command line requires
via/on as above?
> +that the file passed via -kernel has the same memory layout as would
> +result from the disk boot. This memory layout includes the encrypted
> +components (kernel, initrd, cmdline), the stage3a loader and
> +metadata. In case this boot method is used, the command line
> +options -initrd and -cmdline are ineffective. The preparation of a PVM
Is there way we could warn if these would be set?
> +image is done by genprotimg of the s390-tools package.
>
Acked-by: David Hildenbrand <address@hidden>
--
Thanks,
David / dhildenb
- Re: [PATCH v9 07/15] s390x: protvirt: Move STSI data over SIDAD, (continued)
Re: [PATCH v9 07/15] s390x: protvirt: Move STSI data over SIDAD, Claudio Imbrenda, 2020/03/13
[PATCH v9 15/15] s390x: Add unpack facility feature to GA1, Janosch Frank, 2020/03/11
[PATCH v9 14/15] docs: Add protvirt docs, Janosch Frank, 2020/03/11
Re: [PATCH v9 14/15] docs: Add protvirt docs, Cornelia Huck, 2020/03/18
[PATCH v9 13/15] s390x: protvirt: Handle SIGP store status correctly, Janosch Frank, 2020/03/11