| Message ID | 20191003212400.31130-7-rick.p.edgecombe@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | XOM for KVM guest userspace | expand |
On 03/10/19 23:23, Rick Edgecombe wrote: > Add a KVM capability for the KVM_MEM_EXECONLY memslot type. This memslot > type is supported if the HW supports execute-only TDP. > > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> > --- > arch/x86/include/asm/kvm_host.h | 1 + > arch/x86/kvm/svm.c | 6 ++++++ > arch/x86/kvm/vmx/vmx.c | 1 + > arch/x86/kvm/x86.c | 3 +++ > include/uapi/linux/kvm.h | 1 + > 5 files changed, 12 insertions(+) > > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h > index 6d06c794d720..be3ff71e6227 100644 > --- a/arch/x86/include/asm/kvm_host.h > +++ b/arch/x86/include/asm/kvm_host.h > @@ -1132,6 +1132,7 @@ struct kvm_x86_ops { > bool (*xsaves_supported)(void); > bool (*umip_emulated)(void); > bool (*pt_supported)(void); > + bool (*tdp_xo_supported)(void); > > int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr); > void (*request_immediate_exit)(struct kvm_vcpu *vcpu); > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c > index e0368076a1ef..f9f25f32e946 100644 > --- a/arch/x86/kvm/svm.c > +++ b/arch/x86/kvm/svm.c > @@ -6005,6 +6005,11 @@ static bool svm_pt_supported(void) > return false; > } > > +static bool svm_xo_supported(void) > +{ > + return false; > +} > + > static bool svm_has_wbinvd_exit(void) > { > return true; > @@ -7293,6 +7298,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { > .xsaves_supported = svm_xsaves_supported, > .umip_emulated = svm_umip_emulated, > .pt_supported = svm_pt_supported, > + .tdp_xo_supported = svm_xo_supported, > > .set_supported_cpuid = svm_set_supported_cpuid, > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index a30dbab8a2d4..7e7260c715f2 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -7767,6 +7767,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { > .xsaves_supported = vmx_xsaves_supported, > .umip_emulated = vmx_umip_emulated, > .pt_supported = vmx_pt_supported, > + .tdp_xo_supported = cpu_has_vmx_ept_execute_only, > > .request_immediate_exit = vmx_request_immediate_exit, > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 2e321d788672..810cfdb1a315 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -3183,6 +3183,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) > r = kvm_x86_ops->get_nested_state ? > kvm_x86_ops->get_nested_state(NULL, NULL, 0) : 0; > break; > + case KVM_CAP_EXECONLY_MEM: > + r = kvm_x86_ops->tdp_xo_supported(); > + break; > default: > break; > } > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index ede487b7b216..7778a1f03b78 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -997,6 +997,7 @@ struct kvm_ppc_resize_hpt { > #define KVM_CAP_ARM_PTRAUTH_ADDRESS 171 > #define KVM_CAP_ARM_PTRAUTH_GENERIC 172 > #define KVM_CAP_PMU_EVENT_FILTER 173 > +#define KVM_CAP_EXECONLY_MEM 174 > > #ifdef KVM_CAP_IRQ_ROUTING > > This is not needed, execution only can be a CPUID bit in the hypervisor range (see Documentation/virt/kvm/cpuid.txt). Userspace can use KVM_GET_SUPPORTED_CPUID to check whether the host supports it. Paolo
On Fri, 2019-10-04 at 09:24 +0200, Paolo Bonzini wrote: > On 03/10/19 23:23, Rick Edgecombe wrote: > > Add a KVM capability for the KVM_MEM_EXECONLY memslot type. This memslot > > type is supported if the HW supports execute-only TDP. > > > > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> > > --- > > arch/x86/include/asm/kvm_host.h | 1 + > > arch/x86/kvm/svm.c | 6 ++++++ > > arch/x86/kvm/vmx/vmx.c | 1 + > > arch/x86/kvm/x86.c | 3 +++ > > include/uapi/linux/kvm.h | 1 + > > 5 files changed, 12 insertions(+) > > > > diff --git a/arch/x86/include/asm/kvm_host.h > > b/arch/x86/include/asm/kvm_host.h > > index 6d06c794d720..be3ff71e6227 100644 > > --- a/arch/x86/include/asm/kvm_host.h > > +++ b/arch/x86/include/asm/kvm_host.h > > @@ -1132,6 +1132,7 @@ struct kvm_x86_ops { > > bool (*xsaves_supported)(void); > > bool (*umip_emulated)(void); > > bool (*pt_supported)(void); > > + bool (*tdp_xo_supported)(void); > > > > int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr); > > void (*request_immediate_exit)(struct kvm_vcpu *vcpu); > > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c > > index e0368076a1ef..f9f25f32e946 100644 > > --- a/arch/x86/kvm/svm.c > > +++ b/arch/x86/kvm/svm.c > > @@ -6005,6 +6005,11 @@ static bool svm_pt_supported(void) > > return false; > > } > > > > +static bool svm_xo_supported(void) > > +{ > > + return false; > > +} > > + > > static bool svm_has_wbinvd_exit(void) > > { > > return true; > > @@ -7293,6 +7298,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init > > = { > > .xsaves_supported = svm_xsaves_supported, > > .umip_emulated = svm_umip_emulated, > > .pt_supported = svm_pt_supported, > > + .tdp_xo_supported = svm_xo_supported, > > > > .set_supported_cpuid = svm_set_supported_cpuid, > > > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > > index a30dbab8a2d4..7e7260c715f2 100644 > > --- a/arch/x86/kvm/vmx/vmx.c > > +++ b/arch/x86/kvm/vmx/vmx.c > > @@ -7767,6 +7767,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init > > = { > > .xsaves_supported = vmx_xsaves_supported, > > .umip_emulated = vmx_umip_emulated, > > .pt_supported = vmx_pt_supported, > > + .tdp_xo_supported = cpu_has_vmx_ept_execute_only, > > > > .request_immediate_exit = vmx_request_immediate_exit, > > > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > index 2e321d788672..810cfdb1a315 100644 > > --- a/arch/x86/kvm/x86.c > > +++ b/arch/x86/kvm/x86.c > > @@ -3183,6 +3183,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long > > ext) > > r = kvm_x86_ops->get_nested_state ? > > kvm_x86_ops->get_nested_state(NULL, NULL, 0) : 0; > > break; > > + case KVM_CAP_EXECONLY_MEM: > > + r = kvm_x86_ops->tdp_xo_supported(); > > + break; > > default: > > break; > > } > > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > > index ede487b7b216..7778a1f03b78 100644 > > --- a/include/uapi/linux/kvm.h > > +++ b/include/uapi/linux/kvm.h > > @@ -997,6 +997,7 @@ struct kvm_ppc_resize_hpt { > > #define KVM_CAP_ARM_PTRAUTH_ADDRESS 171 > > #define KVM_CAP_ARM_PTRAUTH_GENERIC 172 > > #define KVM_CAP_PMU_EVENT_FILTER 173 > > +#define KVM_CAP_EXECONLY_MEM 174 > > > > #ifdef KVM_CAP_IRQ_ROUTING > > > > > > This is not needed, execution only can be a CPUID bit in the hypervisor > range (see Documentation/virt/kvm/cpuid.txt). Userspace can use > KVM_GET_SUPPORTED_CPUID to check whether the host supports it. > Oh yea. I didn't see this. Definitely seems better. Thanks, Rick
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 6d06c794d720..be3ff71e6227 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1132,6 +1132,7 @@ struct kvm_x86_ops { bool (*xsaves_supported)(void); bool (*umip_emulated)(void); bool (*pt_supported)(void); + bool (*tdp_xo_supported)(void); int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr); void (*request_immediate_exit)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index e0368076a1ef..f9f25f32e946 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -6005,6 +6005,11 @@ static bool svm_pt_supported(void) return false; } +static bool svm_xo_supported(void) +{ + return false; +} + static bool svm_has_wbinvd_exit(void) { return true; @@ -7293,6 +7298,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { .xsaves_supported = svm_xsaves_supported, .umip_emulated = svm_umip_emulated, .pt_supported = svm_pt_supported, + .tdp_xo_supported = svm_xo_supported, .set_supported_cpuid = svm_set_supported_cpuid, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index a30dbab8a2d4..7e7260c715f2 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -7767,6 +7767,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { .xsaves_supported = vmx_xsaves_supported, .umip_emulated = vmx_umip_emulated, .pt_supported = vmx_pt_supported, + .tdp_xo_supported = cpu_has_vmx_ept_execute_only, .request_immediate_exit = vmx_request_immediate_exit, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 2e321d788672..810cfdb1a315 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -3183,6 +3183,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) r = kvm_x86_ops->get_nested_state ? kvm_x86_ops->get_nested_state(NULL, NULL, 0) : 0; break; + case KVM_CAP_EXECONLY_MEM: + r = kvm_x86_ops->tdp_xo_supported(); + break; default: break; } diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index ede487b7b216..7778a1f03b78 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -997,6 +997,7 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_ARM_PTRAUTH_ADDRESS 171 #define KVM_CAP_ARM_PTRAUTH_GENERIC 172 #define KVM_CAP_PMU_EVENT_FILTER 173 +#define KVM_CAP_EXECONLY_MEM 174 #ifdef KVM_CAP_IRQ_ROUTING
Add a KVM capability for the KVM_MEM_EXECONLY memslot type. This memslot type is supported if the HW supports execute-only TDP. Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> --- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/svm.c | 6 ++++++ arch/x86/kvm/vmx/vmx.c | 1 + arch/x86/kvm/x86.c | 3 +++ include/uapi/linux/kvm.h | 1 + 5 files changed, 12 insertions(+)