Home
last modified time | relevance | path

Searched refs:VM (Results 1 – 25 of 213) sorted by relevance

123456789

/linux/Documentation/translations/zh_CN/mm/
H A Dpage_migration.rst129 为了克服这个问题,VM支持非LRU页面迁移,它为非LRU可移动页面提供了通用函数,而在迁移
137 VM对驱动的isolate_page()函数的期望是,如果驱动成功隔离了该页,则返回*true*。
138 返回true后,VM会将该页标记为PG_isolated,这样多个CPU的并发隔离就会跳过该
141 一旦页面被成功隔离,VM就会使用page.lru字段,因此驱动程序不应期望保留这些字段的值。
150 时,VM会在短时间内重试页面迁移,因为VM将-EAGAIN理解为 "临时迁移失败"。在返回除
151 -EAGAIN以外的任何错误时,VM将放弃页面迁移而不重试。
157 如果在隔离页上迁移失败,VM应该将隔离页返回给驱动,因此VM用隔离页调用驱动的
170 它需要address_space的参数来注册将被VM调用的migration family函数。确切地说,
171 PG_movable不是struct page的一个真正的标志。相反,VM复用了page->mapping的低
180 对于非LRU可移动页面的测试,VM支持__PageMovable()函数。然而,它并不能保证识别
[all …]
/linux/Documentation/virt/
H A Dne_overview.rst14 For example, an application that processes sensitive data and runs in a VM,
15 can be separated from other applications running in the same VM. This
16 application then runs in a separate VM than the primary VM, namely an enclave.
17 It runs alongside the VM that spawned it. This setup matches low latency
24 carved out of the primary VM. Each enclave is mapped to a process running in the
25 primary VM, that communicates with the NE kernel driver via an ioctl interface.
30 VM guest that uses the provided ioctl interface of the NE driver to spawn an
31 enclave VM (that's 2 below).
33 There is a NE emulated PCI device exposed to the primary VM. The driver for this
39 hypervisor running on the host where the primary VM is running. The Nitro
[all …]
/linux/Documentation/virt/hyperv/
H A Dhibernation.rst29 Considerations for Guest VM Hibernation
32 hardware is the virtual hardware provided by Hyper-V to the guest VM.
33 Only the targeted guest VM is hibernated, while other guest VMs and
40 Resuming a hibernated guest VM can be more challenging than with
43 is done on the same VM that hibernated, the memory size might be
45 removed. Virtual PCI devices assigned to the VM might be added or
49 Additional complexity can ensue because the disks of the hibernated VM
50 can be moved to another newly created VM that otherwise has the same
54 Different VM" section below.
56 Hyper-V also provides ways to move a VM from one Hyper-V host to
[all …]
H A Dcoco.rst7 the confidentiality and integrity of data in the VM's memory, even in the
9 CoCo VMs on Hyper-V share the generic CoCo VM threat model and security
14 A Linux CoCo VM on Hyper-V requires the cooperation and interaction of the
21 * The VM runs a version of Linux that supports being a CoCo VM
27 VM on Hyper-V.
31 To create a CoCo VM, the "Isolated VM" attribute must be specified to Hyper-V
32 when the VM is created. A VM cannot be changed from a CoCo VM to a normal VM,
37 Hyper-V CoCo VMs can run in two modes. The mode is selected when the VM is
38 created and cannot be changed during the life of the VM.
41 enlightened to understand and manage all aspects of running as a CoCo VM.
[all …]
H A Dvpci.rst5 In a Hyper-V guest VM, PCI pass-thru devices (also called
7 that are mapped directly into the VM's physical address space.
56 may be added to a VM or removed from a VM at any time during
57 the life of the VM, and not just during initial boot.
69 the VM while the VM is running. The ongoing operation of the
91 across reboots of the same VM so that the PCI domainIDs don't
118 guest VM at any time during the life of the VM. The removal
122 A guest VM is notified of the removal by an unsolicited
142 After sending the Eject message, Hyper-V allows the guest VM
153 during the guest VM lifecycle, proper synchronization in the
[all …]
/linux/Documentation/translations/zh_CN/security/
H A Dsnp-tdx-threat-model.rst36 (Trusted Execution Environment, TEE)中运行虚拟机(VM)。从现在起,本文档
40 为在CoCo虚拟机(VM)内运行的软件提供更强的安全保障。具体来说,机密计算允许
52 的接口、能够支持CoCo虚拟机(VM)的平台,以及一个在客户VM和底层平台之间充当安
55 源的访问等。然而,由于它通常不在CoCo VM的可信计算基(TCB)内,其访问权限受到
62 | CoCo guest VM |<---->| |
115 通常被置于CoCo VM TCB之外。需要注意的是,这并不意味着宿主机或VMM是故意恶意的,
116 而是强调拥有一个较小的CoCo VM TCB具有安全价值。这种新型的攻击者可以被视为一种
121 | CoCo guest VM |
145 这个 **Linux内核机密计算虚拟机(CoCo VM)的安全目标** 可以总结如下:
153 上述安全目标导致了两个主要的**Linux内核机密计算虚拟机(CoCo VM)资产**:
/linux/Documentation/virt/acrn/
H A Dintroduction.rst7 hardware. It has a privileged management VM, called Service VM, to manage User
10 ACRN userspace is an application running in the Service VM that emulates
11 devices for a User VM based on command line configurations. ACRN Hypervisor
12 Service Module (HSM) is a kernel module in the Service VM which provides
19 Service VM User VM
35 ACRN userspace allocates memory for the User VM, configures and initializes the
36 devices used by the User VM, loads the virtual bootloader, initializes the
37 virtual CPU state and handles I/O request accesses from the User VM. It uses
H A Dio-request.rst6 An I/O request of a User VM, which is constructed by the hypervisor, is
14 For each User VM, there is a shared 4-KByte memory region used for I/O requests
15 communication between the hypervisor and Service VM. An I/O request is a
18 VM. ACRN userspace in the Service VM first allocates a 4-KByte page and passes
26 An I/O client is responsible for handling User VM I/O requests whose accessed
28 User VM. There is a special client associated with each User VM, called the
31 VM.
39 | Service VM |
88 state when a trapped I/O access happens in a User VM.
90 the Service VM.
H A Dcpuid.rst7 A guest VM running on an ACRN hypervisor can check some of its features using
38 ACRN_FEATURE_PRIVILEGED_VM 0 guest VM is a privileged VM
/linux/net/iucv/
H A DKconfig5 prompt "IUCV support (S390 - z/VM only)"
8 under VM or VIF. If you run on z/VM, say "Y" to enable a fast
9 communication link between VM guests.
14 prompt "AF_IUCV Socket support (S390 - z/VM and HiperSockets transport)"
17 based on z/VM inter-user communication vehicle or based on
/linux/drivers/s390/char/
H A DKconfig119 prompt "Support for the z/VM recording system services (VM only)"
123 by the z/VM recording system services, eg. from *LOGREC, *ACCOUNT or
129 prompt "Support for the z/VM CP interface"
134 program on z/VM
137 int "Memory in MiB reserved for z/VM CP interface"
141 Specify the default amount of memory in MiB reserved for the z/VM CP
148 prompt "API for reading z/VM monitor service records"
151 Character device driver for reading z/VM monitor service records
155 prompt "API for writing z/VM monitor service records"
158 Character device driver for writing z/VM monitor service records
[all …]
/linux/Documentation/virt/kvm/s390/
H A Ds390-pv-dump.rst10 Dumping a VM is an essential tool for debugging problems inside
11 it. This is especially true when a protected VM runs into trouble as
15 However when dumping a protected VM we need to maintain its
16 confidentiality until the dump is in the hands of the VM owner who
19 The confidentiality of the VM dump is ensured by the Ultravisor who
22 Communication Key which is the key that's used to encrypt VM data in a
34 and extracts dump keys with which the VM dump data will be encrypted.
38 Currently there are two types of data that can be gathered from a VM:
/linux/Documentation/networking/
H A Dnet_failover.rst24 datapath. It also enables hypervisor controlled live migration of a VM with
72 Booting a VM with the above configuration will result in the following 3
73 interfaces created in the VM:
92 device; and on the first boot, the VM might end up with both 'failover' device
94 This will result in lack of connectivity to the VM. So some tweaks might be
112 Live Migration of a VM with SR-IOV VF & virtio-net in STANDBY mode
120 the source hypervisor. Note: It is assumed that the VM is connected to a
122 device to the VM. This is not the VF that was passthrough'd to the VM (seen in
142 TAP_IF=vmtap01 # virtio-net interface in the VM.
151 # Remove the VF that was passthrough'd to the VM.
[all …]
/linux/Documentation/admin-guide/hw-vuln/
H A Dvmscape.rst39 IBPB before the first exit to userspace after VM-exit. If userspace did not run
40 between VM-exit and the next VM-entry, no IBPB is issued.
45 context switch time, while the userspace VMM can run after a VM-exit without a
87 exit to userspace after VM-exit.
91 IBPB is issued on every VM-exit. This occurs when other mitigations like
92 RETBLEED or SRSO are already issuing IBPB on VM-exit.
H A Dattack_vector_controls.rst74 The guest-to-host attack vector involves a malicious VM attempting to leak
75 hypervisor data into the VM. The data involved may be limited, or may
88 The guest-to-guest attack vector involves a malicious VM attempting to influence
89 the behavior of another unsuspecting VM in order to exfiltrate data. The
90 vulnerability of a VM is based on the code inside the VM itself and the
93 If no untrusted VMs, or only a single VM is being run, consider disabling
96 Similar to the user-to-user attack vector, preventing a malicious VM from
97 leaking data from another VM requires mitigating guest-to-host attacks as well
108 malicious VM either observing or attempting to influence the behavior of code
/linux/Documentation/gpu/rfc/
H A Di915_vm_bind.rst9 specified address space (VM). These mappings (also referred to as persistent
18 User has to opt-in for VM_BIND mode of binding for an address space (VM)
19 during VM creation time via I915_VM_CREATE_FLAGS_USE_VM_BIND extension.
38 submissions on that VM and will not be in the working set for currently running
43 A VM in VM_BIND mode will not support older execbuf mode of binding.
56 works with execbuf3 ioctl for submission. All BOs mapped on that VM (through
82 dma-resv fence list of all shared BOs mapped on the VM.
85 is private to a specified VM via I915_GEM_CREATE_EXT_VM_PRIVATE flag during
86 BO creation. Unlike Shared BOs, these VM private BOs can only be mapped on
87 the VM they are private to and can't be dma-buf exported.
[all …]
/linux/drivers/virt/acrn/
H A DKconfig10 a privileged management VM, called Service VM, to manage User
12 under ACRN as a User VM.
/linux/drivers/s390/net/
H A DKconfig13 It also supports virtual CTCs when running under VM.
22 prompt "IUCV special message support (VM only)"
26 from other VM guest systems.
30 prompt "Deliver IUCV special messages as uevents (VM only)"
45 HiperSockets interfaces and z/VM virtual NICs for Guest LAN and
/linux/Documentation/security/
H A Dsnp-tdx-threat-model.rst33 Machines (VM) inside TEE. From now on in this document will be referring
39 inside a CoCo VM. Namely, confidential computing allows its users to
46 integrity for the VM's guest memory and execution state (vCPU registers),
55 a trusted intermediary between the guest VM and the underlying platform
59 VM, manage its access to system resources, etc. However, since it
60 typically stays out of CoCo VM TCB, its access is limited to preserve the
68 | CoCo guest VM |<---->| |
131 CoCo VM TCB due to its large SW attack surface. It is important to note
134 VM TCB. This new type of adversary may be viewed as a more powerful type
140 | CoCo guest VM |
[all …]
/linux/Documentation/devicetree/bindings/reserved-memory/
H A Dxen,shared-memory.txt4 virtual machine. Typically, a region is configured at VM creation time
20 memory region used for the mapping in the borrower VM.
24 the VM config file
/linux/Documentation/virt/kvm/devices/
H A Dvfio.rst11 Only one VFIO instance may be created per VM. The created device
12 tracks VFIO files (group or device) in use by the VM and features
14 of the VM. As groups/devices are enabled and disabled for use by the
15 VM, KVM should be updated about their presence. When registered with
/linux/Documentation/virt/kvm/arm/
H A Dvcpu-features.rst27 system. The ID register values may be VM-scoped in KVM, meaning that the
28 values could be shared for all vCPUs in a VM.
32 registers are mutable until the VM has started, i.e. userspace has called
33 ``KVM_RUN`` on at least one vCPU in the VM. Userspace can discover what fields
/linux/Documentation/arch/s390/
H A Dmonreader.rst2 Linux API for read access to z/VM Monitor Records
15 usable from user space and allows read access to the z/VM Monitor Records
16 collected by the `*MONITOR` System Service of z/VM.
21 The z/VM guest on which you want to access this API needs to be configured in
25 This item will use the IUCV device driver to access the z/VM services, so you
26 need a kernel with IUCV support. You also need z/VM version 4.4 or 5.1.
78 Refer to the "z/VM Performance" book (SC24-6109-00) on how to create a monitor
79 DCSS if your z/VM doesn't have one already, you need Class E privileges to
147 See "Appendix A: `*MONITOR`" in the "z/VM Performance" document for a description
149 be found here (z/VM 5.1): https://www.vm.ibm.com/pubs/mon510/index.html
[all …]
/linux/Documentation/arch/powerpc/
H A Dultravisor.rst63 the VM it is returning to is secure.
152 * SVMs are created from normal VM using (open source) tooling supplied
158 * When the UV_ESM ultracall is made the Ultravisor copies the VM into
389 #. When a normal VM switches to secure mode, all its pages residing
497 #. If the value of the PATE for an existing partition (VM) changes,
502 the PATE entries for a normal VM and can change the PATE entry
665 * U_INVALID if VM is not secure.
703 * U_INVALID if the VM is not secure.
752 * U_INVALID if VM is not secure.
795 * U_INVAL if VM is not secure.
[all …]
/linux/Documentation/ABI/testing/
H A Dsysfs-kernel-mm3 Contact: Nishanth Aravamudan <nacc@us.ibm.com>, VM maintainers
5 /sys/kernel/mm/ should contain any and all VM

123456789