diff options
| author | Janosch Frank <[email protected]> | 2023-08-28 09:26:35 +0000 |
|---|---|---|
| committer | Janosch Frank <[email protected]> | 2023-08-28 09:26:35 +0000 |
| commit | 5d0545abee3a39e2946e6587475504f3ebab3ae3 (patch) | |
| tree | 6791e785bda7e35214af215f7bb790347dfce85e /arch/s390/kvm/pv.c | |
| parent | 642dbc0312d67781dabf97a70b43810165f21527 (diff) | |
| parent | f88fb1335733029b4630fb93cfaad349a81e57b2 (diff) | |
Merge remote-tracking branch 'vfio-ap' into next
The Secure Execution AP support makes it possible for SE VMs to
securely use APQNs without a third party being able to snoop IO. VMs
first bind to an APQN to securely attach it and granting protected key
crypto function access. Afterwards they can associate the APQN which
grants them clear key crypto function access. Once bound the APQNs are
not accessible to the host until a reset is performed.
The vfio-ap patches being merged here provide the base hypervisor
Secure Execution / Protected Virtualization AP support. This includes
proper handling of APQNs that are securely attached to a SE/PV guest
especially regarding resets.
Diffstat (limited to 'arch/s390/kvm/pv.c')
| -rw-r--r-- | arch/s390/kvm/pv.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/arch/s390/kvm/pv.c b/arch/s390/kvm/pv.c index 2f34c7c3c5ab..856140e9942e 100644 --- a/arch/s390/kvm/pv.c +++ b/arch/s390/kvm/pv.c @@ -18,6 +18,20 @@ #include <linux/mmu_notifier.h> #include "kvm-s390.h" +bool kvm_s390_pv_is_protected(struct kvm *kvm) +{ + lockdep_assert_held(&kvm->lock); + return !!kvm_s390_pv_get_handle(kvm); +} +EXPORT_SYMBOL_GPL(kvm_s390_pv_is_protected); + +bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu) +{ + lockdep_assert_held(&vcpu->mutex); + return !!kvm_s390_pv_cpu_get_handle(vcpu); +} +EXPORT_SYMBOL_GPL(kvm_s390_pv_cpu_is_protected); + /** * struct pv_vm_to_be_destroyed - Represents a protected VM that needs to * be destroyed |