On powerPC systems, the Hardware Management Console (HMC) is used
to create and manage logical partitions (LPAR) and both HMC and
LPARs exchange information over Ethernet which can expose security
implications. Hence the current method of communication is not
viable for secure boot configuration. To overcome these concerns,
the hypervisor introduced new inband hypervisor channel called
“Hypervisor Pipe (HVPIPE)” which allows HMC and LPARs to exchange
information with ibm,send-hvpipe-msg and ibm,receive-hvpipe-msg
RTAS calls. Sources can be any target that the hypervisor supports,
but only HMC source is supported.
ibm,send-hvpipe-msg RTAS: Inputs such as Source ID indicator of
which target the data is intended and the buffer list to hold the
payload, and returns the status. Each target represented by source
ID. For example, HMC1, HMC2 and etc.
ibm,receive-hvpipe-msg RTAS: Input buffer to hold the data and size
of the buffer, and returns the source ID of identifier of the target
providing the data, the bytes written in the buffer and the status.
The hypervisor defines HVPIPE with certain requirements and
constraints:
- The OS can determine HVPIPE feature availability with
“ibm,hypervisor-pipe-capable” property in the /rtas node of the
device tree.
- One pipe is assigned per partition and for all sources.
- Success return status of send HVPIPE means the payload is
delivered to source.
- Success return status of send HVPIPE as ACK to source.
- Generate HVPIPE event message interrupt if the status of pipe is
changed in the hypervisor such as payload is pending or pipe to
the specific source is closed
- Then the partition issue check exception handler to retrieve the
message which defines source ID of the pipe and its status.
- The hypervisor will not generate another HVPIPE event message
until the partition obtains the payload with recv HVPIPE RTAS.
- Supports only 4088 bytes of maximum payload right now,
This patch series adds HVPIPE support and provides interfaces to
the user space to execute ibm,send-hvpipe-msg and
ibm,receive-hvpipe-msg RTAS calls. We already have RTAS calls
execution such as ibm,get-indices, ibm,platform-dump,
ibm,get/set-system-parameter, etc to the user space and following
the similar interfaces foe send and recv HVPIPE RTAS functions.
- Create /dev/papr-hvpipe entry if HVPIPE is enabled
- devfd = open("/dev/papr-hvpipe", ..)
- fd = ioctl(fd,HVPIPE_IOC_CREATE_HANDLE, &srcID) for each source.
- size = write(fd, buf, size)
- Buffer contains papr_hvpipe_hdr and the payload and send the
payload with ibm,send-hvpipe-msg
- Return the size if the RTAS is success, otherwise return the
equivalent RTAS failure error code.
- ret = poll(fd,..)
- The user space waits for the payload from the source. OS wakes
up FD whenever receives interrupt from the hypervisor
- size = read(fd, buf, size)
- Buffer should have the space to contain papr_hvpipe_hdr and
the payload
- Each read() issue ibm,receive-hvpipe-msg and return the size
for RTAS success. Otherwise return the equivalent RTAS failure
error code.
This series consists of the following patches:
powerpc/pseries: Define papr-hvpipe ioctl
-provide HVPIPE_IOC_CREATE_HANDLE ioctl to the user space
powerpc/pseries: Define HVPIPE specific macros
– Define RTAS macros needed for ibm,send-hvpipe-msg and
ibm,receive-hvpipe-msg RTAS
powerpc/pseries: Add papr-hvpipe char driver for HVPIPE interfaces
– Add devpapr-hvpipe user space interfaces
powerpc/pseries: Send payload with ibm,send-hvpipe-msg RTAS
– Add send HVPIPE RTAS execution from user space
powerpc/pseries: Receive payload with ibm,receive-hvpipe-msg RTAS
– Add recv HVPIPE RTAS execution from user space
powerpc/pseries: Wakeup hvpipe FD when the payload is pending
– The kernel wakes up user space FD when the payload is pending
from the corresponding source
powerpc/pseries: Enable HVPIPE event message interrupt
– Enable HVPIPE interrupt and adds the handler
powerpc/pseries: Enable hvpipe with ibm,set-system-parameter RTAS
– Enable HVPIPE in the hypervisor
powerpc/pseries: HVPIPE changes to support migration
- LPM support
Haren Myneni (9):
powerpc/pseries: Define papr-hvpipe ioctl
powerpc/pseries: Define HVPIPE specific macros
powerpc/pseries: Add papr-hvpipe char driver for HVPIPE interfaces
powerpc/pseries: Send payload with ibm,send-hvpipe-msg RTAS
powerpc/pseries: Receive payload with ibm,receive-hvpipe-msg RTAS
powerpc/pseries: Wakeup hvpipe FD when the payload is pending
powerpc/pseries: Enable HVPIPE event message interrupt
powerpc/pseries: Enable hvpipe with ibm,set-system-parameter RTAS
powerpc/pseries: HVPIPE changes to support migration
.../userspace-api/ioctl/ioctl-number.rst | 2 +
arch/powerpc/include/asm/papr-sysparm.h | 1 +
arch/powerpc/include/asm/rtas.h | 9 +
arch/powerpc/include/uapi/asm/papr-hvpipe.h | 33 +
arch/powerpc/kernel/rtas.c | 24 +
arch/powerpc/kernel/rtasd.c | 2 +
arch/powerpc/platforms/pseries/Makefile | 1 +
arch/powerpc/platforms/pseries/mobility.c | 3 +
arch/powerpc/platforms/pseries/papr-hvpipe.c | 792 ++++++++++++++++++
arch/powerpc/platforms/pseries/papr-hvpipe.h | 42 +
10 files changed, 909 insertions(+)
create mode 100644 arch/powerpc/include/uapi/asm/papr-hvpipe.h
create mode 100644 arch/powerpc/platforms/pseries/papr-hvpipe.c
create mode 100644 arch/powerpc/platforms/pseries/papr-hvpipe.h
--
2.43.5
