[03/59] arm64: Add ARM64_HAS_NESTED_VIRT cpufeature

Message ID	20190621093843.220980-4-marc.zyngier@arm.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org> From: Marc Zyngier <marc.zyngier@arm.com> To: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu, kvm@vger.kernel.org Subject: [PATCH 03/59] arm64: Add ARM64_HAS_NESTED_VIRT cpufeature Date: Fri, 21 Jun 2019 10:37:47 +0100 Message-Id: <20190621093843.220980-4-marc.zyngier@arm.com> In-Reply-To: <20190621093843.220980-1-marc.zyngier@arm.com> References: <20190621093843.220980-1-marc.zyngier@arm.com> MIME-Version: 1.0 Precedence: list Cc: Julien Thierry <julien.thierry@arm.com>, Andre Przywara <andre.przywara@arm.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, Christoffer Dall <christoffer.dall@arm.com>, Dave Martin <Dave.Martin@arm.com>, James Morse <james.morse@arm.com>, Jintack Lim <jintack@cs.columbia.edu> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org
Series	KVM: arm64: ARMv8.3 Nested Virtualization support \| expand [00/59] KVM: arm64: ARMv8.3 Nested Virtualization support [01/59] KVM: arm64: Migrate _elx sysreg accessors to msr_s/mrs_s [02/59] KVM: arm64: Move __load_guest_stage2 to kvm_mmu.h [03/59] arm64: Add ARM64_HAS_NESTED_VIRT cpufeature [04/59] KVM: arm64: nv: Introduce nested virtualization VCPU feature [05/59] KVM: arm64: nv: Reset VCPU to EL2 registers if VCPU nested virt is set [06/59] KVM: arm64: nv: Allow userspace to set PSR_MODE_EL2x [07/59] KVM: arm64: nv: Add EL2 system registers to vcpu context [08/59] KVM: arm64: nv: Reset VMPIDR_EL2 and VPIDR_EL2 to sane values [09/59] KVM: arm64: nv: Add nested virt VCPU primitives for vEL2 VCPU state [10/59] KVM: arm64: nv: Support virtual EL2 exceptions [11/59] KVM: arm64: nv: Inject HVC exceptions to the virtual EL2 [12/59] KVM: arm64: nv: Handle trapped ERET from virtual EL2 [13/59] KVM: arm64: nv: Handle virtual EL2 registers in vcpu_read/write_sys_reg() [14/59] KVM: arm64: nv: Handle SPSR_EL2 specially [15/59] KVM: arm64: nv: Refactor vcpu_{read,write}_sys_reg [16/59] KVM: arm64: nv: Save/Restore vEL2 sysregs [17/59] KVM: arm64: nv: Emulate PSTATE.M for a guest hypervisor [18/59] KVM: arm64: nv: Trap EL1 VM register accesses in virtual EL2 [19/59] KVM: arm64: nv: Trap SPSR_EL1, ELR_EL1 and VBAR_EL1 from virtual EL2 [20/59] KVM: arm64: nv: Trap CPACR_EL1 access in virtual EL2 [21/59] KVM: arm64: nv: Set a handler for the system instruction traps [22/59] KVM: arm64: nv: Handle PSCI call via smc from the guest [23/59] KVM: arm64: nv: Respect virtual HCR_EL2.TWX setting [24/59] KVM: arm64: nv: Respect virtual CPTR_EL2.TFP setting [25/59] KVM: arm64: nv: Don't expose SVE to nested guests [26/59] KVM: arm64: nv: Respect the virtual HCR_EL2.NV bit setting [27/59] KVM: arm64: nv: Respect virtual HCR_EL2.TVM and TRVM settings [28/59] KVM: arm64: nv: Respect the virtual HCR_EL2.NV1 bit setting [29/59] KVM: arm64: nv: Emulate EL12 register accesses from the virtual EL2 [30/59] KVM: arm64: nv: Configure HCR_EL2 for nested virtualization [31/59] KVM: arm64: nv: Only toggle cache for virtual EL2 when SCTLR_EL2 changes [32/59] KVM: arm64: nv: Hide RAS from nested guests [33/59] KVM: arm64: nv: Pretend we only support larger-than-host page sizes [34/59] KVM: arm/arm64: nv: Factor out stage 2 page table data from struct kvm [35/59] KVM: arm/arm64: nv: Support multiple nested stage 2 mmu structures [36/59] KVM: arm64: nv: Implement nested Stage-2 page table walk logic [37/59] KVM: arm64: nv: Handle shadow stage 2 page faults [38/59] KVM: arm64: nv: Unmap/flush shadow stage 2 page tables [39/59] KVM: arm64: nv: Move last_vcpu_ran to be per s2 mmu [40/59] KVM: arm64: nv: Don't always start an S2 MMU search from the beginning [41/59] KVM: arm64: nv: Introduce sys_reg_desc.forward_trap [42/59] KVM: arm64: nv: Rework the system instruction emulation framework [43/59] KVM: arm64: nv: Trap and emulate AT instructions from virtual EL2 [44/59] KVM: arm64: nv: Trap and emulate TLBI instructions from virtual EL2 [45/59] KVM: arm64: nv: Handle traps for timer _EL02 and _EL2 sysregs accessors [46/59] KVM: arm64: nv: arch_timer: Support hyp timer emulation [47/59] KVM: arm64: nv: Propagate CNTVOFF_EL2 to the virtual EL1 timer [48/59] KVM: arm64: nv: Load timer before the GIC [49/59] KVM: arm64: nv: vgic-v3: Take cpu_if pointer directly instead of vcpu [50/59] KVM: arm64: nv: Nested GICv3 Support [51/59] KVM: arm64: nv: vgic: Emulate the HW bit in software [52/59] KVM: arm64: nv: vgic: Allow userland to set VGIC maintenance IRQ [53/59] KVM: arm64: nv: Implement maintenance interrupt forwarding [54/59] KVM: arm64: nv: Add nested GICv3 tracepoints [55/59] arm64: KVM: nv: Add handling of EL2-specific timer registers [56/59] arm64: KVM: nv: Honor SCTLR_EL2.SPAN on entering vEL2 [57/59] arm64: KVM: nv: Handle SCTLR_EL2 RES0/RES1 bits [58/59] arm64: KVM: nv: Restrict S2 RD/WR permissions to match the guest's [59/59] arm64: KVM: nv: Allow userspace to request KVM_ARM_VCPU_NESTED_VIRT

Message ID

20190621093843.220980-4-marc.zyngier@arm.com (mailing list archive)

State

New, archived

Headers

From: Marc Zyngier <marc.zyngier@arm.com>
To: linux-arm-kernel@lists.infradead.org, kvmarm@lists.cs.columbia.edu,
 kvm@vger.kernel.org
Subject: [PATCH 03/59] arm64: Add ARM64_HAS_NESTED_VIRT cpufeature
Date: Fri, 21 Jun 2019 10:37:47 +0100
Message-Id: <20190621093843.220980-4-marc.zyngier@arm.com>
In-Reply-To: <20190621093843.220980-1-marc.zyngier@arm.com>
References: <20190621093843.220980-1-marc.zyngier@arm.com>
MIME-Version: 1.0
Precedence: list
Cc: Julien Thierry <julien.thierry@arm.com>,
 Andre Przywara <andre.przywara@arm.com>,
 Suzuki K Poulose <suzuki.poulose@arm.com>,
 Christoffer Dall <christoffer.dall@arm.com>,
 Dave Martin <Dave.Martin@arm.com>,
 James Morse <james.morse@arm.com>, Jintack Lim <jintack@cs.columbia.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org

Series

KVM: arm64: ARMv8.3 Nested Virtualization support | expand

Commit Message

Marc Zyngier June 21, 2019, 9:37 a.m. UTC

From: Jintack Lim <jintack.lim@linaro.org>

Add a new ARM64_HAS_NESTED_VIRT feature to indicate that the
CPU has the ARMv8.3 nested virtualization capability.

This will be used to support nested virtualization in KVM.

Signed-off-by: Jintack Lim <jintack.lim@linaro.org>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
---
 .../admin-guide/kernel-parameters.txt         |  4 +++
 arch/arm64/include/asm/cpucaps.h              |  3 ++-
 arch/arm64/include/asm/sysreg.h               |  1 +
 arch/arm64/kernel/cpufeature.c                | 26 +++++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)

Comments

Julien Thierry June 21, 2019, 1:08 p.m. UTC | #1

On 21/06/2019 10:37, Marc Zyngier wrote:
> From: Jintack Lim <jintack.lim@linaro.org>
> 
> Add a new ARM64_HAS_NESTED_VIRT feature to indicate that the
> CPU has the ARMv8.3 nested virtualization capability.
> 
> This will be used to support nested virtualization in KVM.
> 
> Signed-off-by: Jintack Lim <jintack.lim@linaro.org>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  .../admin-guide/kernel-parameters.txt         |  4 +++
>  arch/arm64/include/asm/cpucaps.h              |  3 ++-
>  arch/arm64/include/asm/sysreg.h               |  1 +
>  arch/arm64/kernel/cpufeature.c                | 26 +++++++++++++++++++
>  4 files changed, 33 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 138f6664b2e2..202bb2115d83 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2046,6 +2046,10 @@
>  			[KVM,ARM] Allow use of GICv4 for direct injection of
>  			LPIs.
>  
> +	kvm-arm.nested=
> +			[KVM,ARM] Allow nested virtualization in KVM/ARM.
> +			Default is 0 (disabled)
> +

Once the kernel has been built with nested guest support, what do we
gain from having it disabled by default?

It seems a bit odd since the guests have to opt-in for the capability of
running guests of their own.

Is it it likely to have negative impact a negative impact on the host
kernel? Or on guests that do not request use of nested virt?

If not I feel that this kernel parameter should be dropped.

Cheers,

Marc Zyngier June 21, 2019, 1:22 p.m. UTC | #2

On 21/06/2019 14:08, Julien Thierry wrote:
> 
> 
> On 21/06/2019 10:37, Marc Zyngier wrote:
>> From: Jintack Lim <jintack.lim@linaro.org>
>>
>> Add a new ARM64_HAS_NESTED_VIRT feature to indicate that the
>> CPU has the ARMv8.3 nested virtualization capability.
>>
>> This will be used to support nested virtualization in KVM.
>>
>> Signed-off-by: Jintack Lim <jintack.lim@linaro.org>
>> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
>> Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
>> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
>> ---
>>  .../admin-guide/kernel-parameters.txt         |  4 +++
>>  arch/arm64/include/asm/cpucaps.h              |  3 ++-
>>  arch/arm64/include/asm/sysreg.h               |  1 +
>>  arch/arm64/kernel/cpufeature.c                | 26 +++++++++++++++++++
>>  4 files changed, 33 insertions(+), 1 deletion(-)
>>
>> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
>> index 138f6664b2e2..202bb2115d83 100644
>> --- a/Documentation/admin-guide/kernel-parameters.txt
>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>> @@ -2046,6 +2046,10 @@
>>  			[KVM,ARM] Allow use of GICv4 for direct injection of
>>  			LPIs.
>>  
>> +	kvm-arm.nested=
>> +			[KVM,ARM] Allow nested virtualization in KVM/ARM.
>> +			Default is 0 (disabled)
>> +
> 
> Once the kernel has been built with nested guest support, what do we
> gain from having it disabled by default?

We have a bunch of fast paths almost everywhere when NV isn't enabled.
It makes a real difference at the moment.

> It seems a bit odd since the guests have to opt-in for the capability of
> running guests of their own.
> 
> Is it it likely to have negative impact a negative impact on the host
> kernel? Or on guests that do not request use of nested virt?
> 
> If not I feel that this kernel parameter should be dropped.

It really does. Speed is one, but also security is another. NV adds all
kind of new paths and complexity. Having a central knob to control it
and having it OFF by default helps me sleep at night...

This is also what x86 had for multiple years until it was deemed safe
enough to be on by default.

Thanks,

	M.

Suzuki K Poulose June 21, 2019, 1:44 p.m. UTC | #3

On 06/21/2019 10:37 AM, Marc Zyngier wrote:
> From: Jintack Lim <jintack.lim@linaro.org>
> 
> Add a new ARM64_HAS_NESTED_VIRT feature to indicate that the
> CPU has the ARMv8.3 nested virtualization capability.
> 
> This will be used to support nested virtualization in KVM.
> 
> Signed-off-by: Jintack Lim <jintack.lim@linaro.org>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>


Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>

Dave Martin June 24, 2019, 11:24 a.m. UTC | #4

On Fri, Jun 21, 2019 at 10:37:47AM +0100, Marc Zyngier wrote:
> From: Jintack Lim <jintack.lim@linaro.org>
> 
> Add a new ARM64_HAS_NESTED_VIRT feature to indicate that the
> CPU has the ARMv8.3 nested virtualization capability.
> 
> This will be used to support nested virtualization in KVM.
> 
> Signed-off-by: Jintack Lim <jintack.lim@linaro.org>
> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
> Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
> Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
> ---
>  .../admin-guide/kernel-parameters.txt         |  4 +++
>  arch/arm64/include/asm/cpucaps.h              |  3 ++-
>  arch/arm64/include/asm/sysreg.h               |  1 +
>  arch/arm64/kernel/cpufeature.c                | 26 +++++++++++++++++++
>  4 files changed, 33 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 138f6664b2e2..202bb2115d83 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2046,6 +2046,10 @@
>  			[KVM,ARM] Allow use of GICv4 for direct injection of
>  			LPIs.
>  
> +	kvm-arm.nested=
> +			[KVM,ARM] Allow nested virtualization in KVM/ARM.
> +			Default is 0 (disabled)
> +

In light of the discussion on this patch, is it worth making 0 not
guarantee that nested is allowed, rather than guaranteeing to disable
nested?

This would allow the option to be turned into a no-op later once the NV
code is considered mature enough to rip out all the conditionality.

[...]

Cheers
---Dave

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 138f6664b2e2..202bb2115d83 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2046,6 +2046,10 @@ 
 			[KVM,ARM] Allow use of GICv4 for direct injection of
 			LPIs.
 
+	kvm-arm.nested=
+			[KVM,ARM] Allow nested virtualization in KVM/ARM.
+			Default is 0 (disabled)
+
 	kvm-intel.ept=	[KVM,Intel] Disable extended page tables
 			(virtualized MMU) support on capable Intel chips.
 			Default is 1 (enabled)
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 33401ebc187c..faa13c1f1f65 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -63,7 +63,8 @@ 
 #define ARM64_HAS_IRQ_PRIO_MASKING		42
 #define ARM64_HAS_DCPODP			43
 #define ARM64_WORKAROUND_1463225		44
+#define ARM64_HAS_NESTED_VIRT			45
 
-#define ARM64_NCAPS				45
+#define ARM64_NCAPS				46
 
 #endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 434cf53d527b..f3ca7e4796ab 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -693,6 +693,7 @@ 
 /* id_aa64mmfr2 */
 #define ID_AA64MMFR2_FWB_SHIFT		40
 #define ID_AA64MMFR2_AT_SHIFT		32
+#define ID_AA64MMFR2_NV_SHIFT		24
 #define ID_AA64MMFR2_LVA_SHIFT		16
 #define ID_AA64MMFR2_IESB_SHIFT		12
 #define ID_AA64MMFR2_LSM_SHIFT		8
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 80babf451519..2f8e7d4e8e45 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -224,6 +224,7 @@  static const struct arm64_ftr_bits ftr_id_aa64mmfr1[] = {
 static const struct arm64_ftr_bits ftr_id_aa64mmfr2[] = {
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_FWB_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_AT_SHIFT, 4, 0),
+	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_NV_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_LVA_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_IESB_SHIFT, 4, 0),
 	ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64MMFR2_LSM_SHIFT, 4, 0),
@@ -1161,6 +1162,21 @@  static void cpu_copy_el2regs(const struct arm64_cpu_capabilities *__unused)
 	if (!alternative_is_applied(ARM64_HAS_VIRT_HOST_EXTN))
 		write_sysreg(read_sysreg(tpidr_el1), tpidr_el2);
 }
+
+static bool nested_param;
+static bool has_nested_virt_support(const struct arm64_cpu_capabilities *cap,
+				    int scope)
+{
+	return has_cpuid_feature(cap, scope) &&
+		nested_param;
+}
+
+static int __init kvmarm_nested_cfg(char *buf)
+{
+	return strtobool(buf, &nested_param);
+}
+
+early_param("kvm-arm.nested", kvmarm_nested_cfg);
 #endif
 
 static void cpu_has_fwb(const struct arm64_cpu_capabilities *__unused)
@@ -1331,6 +1347,16 @@  static const struct arm64_cpu_capabilities arm64_features[] = {
 		.matches = runs_at_el2,
 		.cpu_enable = cpu_copy_el2regs,
 	},
+	{
+		.desc = "Nested Virtualization Support",
+		.capability = ARM64_HAS_NESTED_VIRT,
+		.type = ARM64_CPUCAP_SYSTEM_FEATURE,
+		.matches = has_nested_virt_support,
+		.sys_reg = SYS_ID_AA64MMFR2_EL1,
+		.sign = FTR_UNSIGNED,
+		.field_pos = ID_AA64MMFR2_NV_SHIFT,
+		.min_field_value = 1,
+	},
 #endif	/* CONFIG_ARM64_VHE */
 	{
 		.desc = "32-bit EL0 Support",

[03/59] arm64: Add ARM64_HAS_NESTED_VIRT cpufeature

Commit Message

Comments

Patch