[K][PULL] KVM: Secure Execution guest dump encryption with customer keys

frank.heimes at canonical.com frank.heimes at canonical.com
Tue Sep 13 07:04:47 UTC 2022 

BugLink: https://bugs.launchpad.net/bugs/1959940

Hypervisor-initiated dumps for Secure Execution guests are not helpful because
memory and CPU state is encrypted by a transient key only available to the
Ultravisor. Workload owners can still configure kdump in order to obtain kernel
crash infomation, but there are situation where kdump doesn't work.
In such situations problem determination is severely impeded.
This feature will implement dumps created in a way that can only be decrypted
by the owner of the guest image and be used for problem determination.

---

The following changes since commit f1c0a2b9be484f4ccfc6117966a5a0571d0c440e:

  UBUNTU: [Packaging] Enable building zfs during cross-compile (2022-09-07 12:24:45 +0100)

are available in the Git repository at:

  https://git.launchpad.net/~fheimes/+git/lp1959940/ e143431ea9066b3de030746b55c9cda71c694109

for you to fetch changes up to e143431ea9066b3de030746b55c9cda71c694109:

  Documentation/virt/kvm/api.rst: Explain rc/rrc delivery (2022-09-12 12:38:26 +0200)

----------------------------------------------------------------
Janosch Frank (11):
      s390/uv: Add SE hdr query information
      s390/uv: Add dump fields to query
      KVM: s390: pv: Add query interface
      KVM: s390: pv: Add dump support definitions
      KVM: s390: pv: Add query dump information
      KVM: s390: Add configuration dump functionality
      KVM: s390: Add CPU dump functionality
      KVM: s390: Add KVM_CAP_S390_PROTECTED_DUMP
      Documentation: virt: Protected virtual machine dumps
      Documentation/virt/kvm/api.rst: Add protvirt dump/info api descriptions
      Documentation/virt/kvm/api.rst: Explain rc/rrc delivery

 Documentation/virt/kvm/api.rst               | 162 +++++++++++++++-
 Documentation/virt/kvm/s390/index.rst        |   1 +
 Documentation/virt/kvm/s390/s390-pv-dump.rst |  64 +++++++
 arch/s390/boot/uv.c                          |   4 +
 arch/s390/include/asm/kvm_host.h             |   1 +
 arch/s390/include/asm/uv.h                   |  45 ++++-
 arch/s390/kernel/uv.c                        |  53 ++++++
 arch/s390/kvm/kvm-s390.c                     | 269 +++++++++++++++++++++++++++
 arch/s390/kvm/kvm-s390.h                     |   5 +
 arch/s390/kvm/pv.c                           | 198 ++++++++++++++++++++
 include/uapi/linux/kvm.h                     |  55 ++++++
 11 files changed, 854 insertions(+), 3 deletions(-)
 create mode 100644 Documentation/virt/kvm/s390/s390-pv-dump.rst

More information about the kernel-team mailing list