diff mbox series

[RFC,06/13] kvm: Add KVM_CAP_EXECONLY_MEM

Message ID 20191003212400.31130-7-rick.p.edgecombe@intel.com (mailing list archive)
State New, archived
Headers show
Series XOM for KVM guest userspace | expand

Commit Message

Rick Edgecombe Oct. 3, 2019, 9:23 p.m. UTC
Add a KVM capability for the KVM_MEM_EXECONLY memslot type. This memslot
type is supported if the HW supports execute-only TDP.

Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
---
 arch/x86/include/asm/kvm_host.h | 1 +
 arch/x86/kvm/svm.c              | 6 ++++++
 arch/x86/kvm/vmx/vmx.c          | 1 +
 arch/x86/kvm/x86.c              | 3 +++
 include/uapi/linux/kvm.h        | 1 +
 5 files changed, 12 insertions(+)

Comments

Paolo Bonzini Oct. 4, 2019, 7:24 a.m. UTC | #1
On 03/10/19 23:23, Rick Edgecombe wrote:
> Add a KVM capability for the KVM_MEM_EXECONLY memslot type. This memslot
> type is supported if the HW supports execute-only TDP.
> 
> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
> ---
>  arch/x86/include/asm/kvm_host.h | 1 +
>  arch/x86/kvm/svm.c              | 6 ++++++
>  arch/x86/kvm/vmx/vmx.c          | 1 +
>  arch/x86/kvm/x86.c              | 3 +++
>  include/uapi/linux/kvm.h        | 1 +
>  5 files changed, 12 insertions(+)
> 
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
> index 6d06c794d720..be3ff71e6227 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -1132,6 +1132,7 @@ struct kvm_x86_ops {
>  	bool (*xsaves_supported)(void);
>  	bool (*umip_emulated)(void);
>  	bool (*pt_supported)(void);
> +	bool (*tdp_xo_supported)(void);
>  
>  	int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr);
>  	void (*request_immediate_exit)(struct kvm_vcpu *vcpu);
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index e0368076a1ef..f9f25f32e946 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -6005,6 +6005,11 @@ static bool svm_pt_supported(void)
>  	return false;
>  }
>  
> +static bool svm_xo_supported(void)
> +{
> +	return false;
> +}
> +
>  static bool svm_has_wbinvd_exit(void)
>  {
>  	return true;
> @@ -7293,6 +7298,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
>  	.xsaves_supported = svm_xsaves_supported,
>  	.umip_emulated = svm_umip_emulated,
>  	.pt_supported = svm_pt_supported,
> +	.tdp_xo_supported = svm_xo_supported,
>  
>  	.set_supported_cpuid = svm_set_supported_cpuid,
>  
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index a30dbab8a2d4..7e7260c715f2 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -7767,6 +7767,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
>  	.xsaves_supported = vmx_xsaves_supported,
>  	.umip_emulated = vmx_umip_emulated,
>  	.pt_supported = vmx_pt_supported,
> +	.tdp_xo_supported = cpu_has_vmx_ept_execute_only,
>  
>  	.request_immediate_exit = vmx_request_immediate_exit,
>  
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 2e321d788672..810cfdb1a315 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -3183,6 +3183,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
>  		r = kvm_x86_ops->get_nested_state ?
>  			kvm_x86_ops->get_nested_state(NULL, NULL, 0) : 0;
>  		break;
> +	case KVM_CAP_EXECONLY_MEM:
> +		r = kvm_x86_ops->tdp_xo_supported();
> +		break;
>  	default:
>  		break;
>  	}
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index ede487b7b216..7778a1f03b78 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -997,6 +997,7 @@ struct kvm_ppc_resize_hpt {
>  #define KVM_CAP_ARM_PTRAUTH_ADDRESS 171
>  #define KVM_CAP_ARM_PTRAUTH_GENERIC 172
>  #define KVM_CAP_PMU_EVENT_FILTER 173
> +#define KVM_CAP_EXECONLY_MEM 174
>  
>  #ifdef KVM_CAP_IRQ_ROUTING
>  
> 

This is not needed, execution only can be a CPUID bit in the hypervisor
range (see Documentation/virt/kvm/cpuid.txt).  Userspace can use
KVM_GET_SUPPORTED_CPUID to check whether the host supports it.

Paolo
Rick Edgecombe Oct. 4, 2019, 7:11 p.m. UTC | #2
On Fri, 2019-10-04 at 09:24 +0200, Paolo Bonzini wrote:
> On 03/10/19 23:23, Rick Edgecombe wrote:
> > Add a KVM capability for the KVM_MEM_EXECONLY memslot type. This memslot
> > type is supported if the HW supports execute-only TDP.
> > 
> > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
> > ---
> >  arch/x86/include/asm/kvm_host.h | 1 +
> >  arch/x86/kvm/svm.c              | 6 ++++++
> >  arch/x86/kvm/vmx/vmx.c          | 1 +
> >  arch/x86/kvm/x86.c              | 3 +++
> >  include/uapi/linux/kvm.h        | 1 +
> >  5 files changed, 12 insertions(+)
> > 
> > diff --git a/arch/x86/include/asm/kvm_host.h
> > b/arch/x86/include/asm/kvm_host.h
> > index 6d06c794d720..be3ff71e6227 100644
> > --- a/arch/x86/include/asm/kvm_host.h
> > +++ b/arch/x86/include/asm/kvm_host.h
> > @@ -1132,6 +1132,7 @@ struct kvm_x86_ops {
> >  	bool (*xsaves_supported)(void);
> >  	bool (*umip_emulated)(void);
> >  	bool (*pt_supported)(void);
> > +	bool (*tdp_xo_supported)(void);
> >  
> >  	int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr);
> >  	void (*request_immediate_exit)(struct kvm_vcpu *vcpu);
> > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> > index e0368076a1ef..f9f25f32e946 100644
> > --- a/arch/x86/kvm/svm.c
> > +++ b/arch/x86/kvm/svm.c
> > @@ -6005,6 +6005,11 @@ static bool svm_pt_supported(void)
> >  	return false;
> >  }
> >  
> > +static bool svm_xo_supported(void)
> > +{
> > +	return false;
> > +}
> > +
> >  static bool svm_has_wbinvd_exit(void)
> >  {
> >  	return true;
> > @@ -7293,6 +7298,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init
> > = {
> >  	.xsaves_supported = svm_xsaves_supported,
> >  	.umip_emulated = svm_umip_emulated,
> >  	.pt_supported = svm_pt_supported,
> > +	.tdp_xo_supported = svm_xo_supported,
> >  
> >  	.set_supported_cpuid = svm_set_supported_cpuid,
> >  
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index a30dbab8a2d4..7e7260c715f2 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/vmx.c
> > @@ -7767,6 +7767,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init
> > = {
> >  	.xsaves_supported = vmx_xsaves_supported,
> >  	.umip_emulated = vmx_umip_emulated,
> >  	.pt_supported = vmx_pt_supported,
> > +	.tdp_xo_supported = cpu_has_vmx_ept_execute_only,
> >  
> >  	.request_immediate_exit = vmx_request_immediate_exit,
> >  
> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> > index 2e321d788672..810cfdb1a315 100644
> > --- a/arch/x86/kvm/x86.c
> > +++ b/arch/x86/kvm/x86.c
> > @@ -3183,6 +3183,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long
> > ext)
> >  		r = kvm_x86_ops->get_nested_state ?
> >  			kvm_x86_ops->get_nested_state(NULL, NULL, 0) : 0;
> >  		break;
> > +	case KVM_CAP_EXECONLY_MEM:
> > +		r = kvm_x86_ops->tdp_xo_supported();
> > +		break;
> >  	default:
> >  		break;
> >  	}
> > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> > index ede487b7b216..7778a1f03b78 100644
> > --- a/include/uapi/linux/kvm.h
> > +++ b/include/uapi/linux/kvm.h
> > @@ -997,6 +997,7 @@ struct kvm_ppc_resize_hpt {
> >  #define KVM_CAP_ARM_PTRAUTH_ADDRESS 171
> >  #define KVM_CAP_ARM_PTRAUTH_GENERIC 172
> >  #define KVM_CAP_PMU_EVENT_FILTER 173
> > +#define KVM_CAP_EXECONLY_MEM 174
> >  
> >  #ifdef KVM_CAP_IRQ_ROUTING
> >  
> > 
> 
> This is not needed, execution only can be a CPUID bit in the hypervisor
> range (see Documentation/virt/kvm/cpuid.txt).  Userspace can use
> KVM_GET_SUPPORTED_CPUID to check whether the host supports it.
> 
Oh yea. I didn't see this. Definitely seems better.

Thanks,

Rick
diff mbox series

Patch

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 6d06c794d720..be3ff71e6227 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1132,6 +1132,7 @@  struct kvm_x86_ops {
 	bool (*xsaves_supported)(void);
 	bool (*umip_emulated)(void);
 	bool (*pt_supported)(void);
+	bool (*tdp_xo_supported)(void);
 
 	int (*check_nested_events)(struct kvm_vcpu *vcpu, bool external_intr);
 	void (*request_immediate_exit)(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index e0368076a1ef..f9f25f32e946 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -6005,6 +6005,11 @@  static bool svm_pt_supported(void)
 	return false;
 }
 
+static bool svm_xo_supported(void)
+{
+	return false;
+}
+
 static bool svm_has_wbinvd_exit(void)
 {
 	return true;
@@ -7293,6 +7298,7 @@  static struct kvm_x86_ops svm_x86_ops __ro_after_init = {
 	.xsaves_supported = svm_xsaves_supported,
 	.umip_emulated = svm_umip_emulated,
 	.pt_supported = svm_pt_supported,
+	.tdp_xo_supported = svm_xo_supported,
 
 	.set_supported_cpuid = svm_set_supported_cpuid,
 
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index a30dbab8a2d4..7e7260c715f2 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7767,6 +7767,7 @@  static struct kvm_x86_ops vmx_x86_ops __ro_after_init = {
 	.xsaves_supported = vmx_xsaves_supported,
 	.umip_emulated = vmx_umip_emulated,
 	.pt_supported = vmx_pt_supported,
+	.tdp_xo_supported = cpu_has_vmx_ept_execute_only,
 
 	.request_immediate_exit = vmx_request_immediate_exit,
 
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 2e321d788672..810cfdb1a315 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -3183,6 +3183,9 @@  int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 		r = kvm_x86_ops->get_nested_state ?
 			kvm_x86_ops->get_nested_state(NULL, NULL, 0) : 0;
 		break;
+	case KVM_CAP_EXECONLY_MEM:
+		r = kvm_x86_ops->tdp_xo_supported();
+		break;
 	default:
 		break;
 	}
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index ede487b7b216..7778a1f03b78 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -997,6 +997,7 @@  struct kvm_ppc_resize_hpt {
 #define KVM_CAP_ARM_PTRAUTH_ADDRESS 171
 #define KVM_CAP_ARM_PTRAUTH_GENERIC 172
 #define KVM_CAP_PMU_EVENT_FILTER 173
+#define KVM_CAP_EXECONLY_MEM 174
 
 #ifdef KVM_CAP_IRQ_ROUTING