| Message ID | 20231108111806.92604-10-nsaenz@amazon.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:aa0b:0:b0:403:3b70:6f57 with SMTP id k11csp842967vqo;
Wed, 8 Nov 2023 03:21:59 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IExNHWJOvGeJuh93HcBgOUzgRBzZIuKu5smh4LcQZpi53KmdvD9qFgyCrYSo+Vtu64JvPv7
X-Received: by 2002:a05:6808:3847:b0:3af:e67d:8295 with SMTP id
ej7-20020a056808384700b003afe67d8295mr2075608oib.40.1699442519073;
Wed, 08 Nov 2023 03:21:59 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1699442519; cv=none;
d=google.com; s=arc-20160816;
b=SNP8oMUsTfHpWsi2LsFDG8D2kGWyE88bb1RKEFzTKjaTr0Rrn634YQrZ60D7sRnWiv
E1iE86ANxn155YKlzkS5GeVJlHZx84O6mv9xk/5a+oZEcZjl0XQ6NitZv9Ix+XXokcVv
qoOPJ5B2P7TY84dWPH7o46IA1HZKRFyu5JTgwpO22oShcxcC2RRXJgd63VzUe+MOVD0j
VLDuSQr7t6QOwaBPg7y3uzBmCwypmvZJTdcyivy8qtO+SEpFjfbT4ntS+KeRGNWEVJ5H
Ol24F/sF7eGPZWj7OKwKFlyFBWvXUXqoTxObhh59ZzDPqdZdEmwMxUYs3aPZmPlAaK1x
NRCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=+q6HaRK4F5IqO9uASaPkSnlSL0f+bqvxqAxqsapmXI8=;
fh=Qdq7NqGm5JR9LpctBpXjoRI38Lb2mCk6xy26GEDp1Bg=;
b=ru6be41n0Os4qRnjiS6UuMiiS6HsARQ/N8w24C5dAPnLiFg3uVfVFKNgrlCZ4Mw1A7
Sg0rn99SPoklYZxtPArZMdwgY5FQ/0h0wM96yVvEG0+2TM7Y8QMAW+YLVCMGU6WPM93f
tkXGrXFA4x8ZDrX0v/fNOg1pwerweFVsAZ+FsBi3O/OirBAqTsHug/xvJlTADtSusJGS
2KcbALTPnYKDJBqkfqrR8wl02HL5yuY+UFU3S3eFs8FObk6BqfhY+idjbjMtUng9jmFI
GJyPvz07eMFboJRiFpt3C51m+qsom+zTqQqR7zcCU7vJx+MQFU6k/gCROgI3PJ386vz3
cHNA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=C0dt2eL7;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3])
by mx.google.com with ESMTPS id
c2-20020aa78802000000b0068fce6a86acsi11914527pfo.121.2023.11.08.03.21.58
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 08 Nov 2023 03:21:59 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
client-ip=2620:137:e000::3:3;
Authentication-Results: mx.google.com;
dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=C0dt2eL7;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by lipwig.vger.email (Postfix) with ESMTP id AA764808474B;
Wed, 8 Nov 2023 03:20:55 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1344455AbjKHLUe (ORCPT <rfc822;jaysivo@gmail.com> + 32 others);
Wed, 8 Nov 2023 06:20:34 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42704 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1344676AbjKHLUV (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 8 Nov 2023 06:20:21 -0500
Received: from smtp-fw-80007.amazon.com (smtp-fw-80007.amazon.com
[99.78.197.218])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8552D1FC8;
Wed, 8 Nov 2023 03:20:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
t=1699442419; x=1730978419;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=+q6HaRK4F5IqO9uASaPkSnlSL0f+bqvxqAxqsapmXI8=;
b=C0dt2eL7HaTLnf+XladYEXWisf8ff8t8FXQGWEY1ORRsP8yKVNUG6dcQ
Eq4tEIis1CZvWqwIrhNeHYugTgs6YAFQIKVddISCpF40nigHDaRTCl9L+
gdfO3zAwk0J+wPdQ3mhMrK2UqnhfGb1l5hlOsO7sSxpUU3o7i534VyMoH
8=;
X-IronPort-AV: E=Sophos;i="6.03,286,1694736000";
d="scan'208";a="251427918"
Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO
email-inbound-relay-pdx-2b-m6i4x-a893d89c.us-west-2.amazon.com)
([10.25.36.210])
by smtp-border-fw-80007.pdx80.corp.amazon.com with
ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Nov 2023 11:20:18 +0000
Received: from smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev
(pdx2-ws-svc-p26-lb5-vlan2.pdx.amazon.com [10.39.38.66])
by email-inbound-relay-pdx-2b-m6i4x-a893d89c.us-west-2.amazon.com
(Postfix) with ESMTPS id 05BA740D73;
Wed, 8 Nov 2023 11:20:17 +0000 (UTC)
Received: from EX19MTAEUB001.ant.amazon.com [10.0.17.79:7728]
by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.33.209:2525]
with esmtp (Farcaster)
id 3cca8fad-d704-4370-b632-03b67dd48c0d; Wed, 8 Nov 2023 11:20:16 +0000 (UTC)
X-Farcaster-Flow-ID: 3cca8fad-d704-4370-b632-03b67dd48c0d
Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by
EX19MTAEUB001.ant.amazon.com (10.252.51.28) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.39; Wed, 8 Nov 2023 11:20:16 +0000
Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138)
by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.39; Wed, 8 Nov 2023 11:20:11 +0000
From: Nicolas Saenz Julienne <nsaenz@amazon.com>
To: <kvm@vger.kernel.org>
CC: <linux-kernel@vger.kernel.org>, <linux-hyperv@vger.kernel.org>,
<pbonzini@redhat.com>, <seanjc@google.com>, <vkuznets@redhat.com>,
<anelkz@amazon.com>, <graf@amazon.com>, <dwmw@amazon.co.uk>,
<jgowans@amazon.com>, <corbert@lwn.net>, <kys@microsoft.com>,
<haiyangz@microsoft.com>, <decui@microsoft.com>, <x86@kernel.org>,
<linux-doc@vger.kernel.org>,
Nicolas Saenz Julienne <nsaenz@amazon.com>
Subject: [RFC 09/33] KVM: x86: hyper-v: Introduce per-VTL vcpu helpers
Date: Wed, 8 Nov 2023 11:17:42 +0000
Message-ID: <20231108111806.92604-10-nsaenz@amazon.com>
X-Mailer: git-send-email 2.40.1
In-Reply-To: <20231108111806.92604-1-nsaenz@amazon.com>
References: <20231108111806.92604-1-nsaenz@amazon.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Originating-IP: [10.13.235.138]
X-ClientProxiedBy: EX19D044UWB002.ant.amazon.com (10.13.139.188) To
EX19D004EUC001.ant.amazon.com (10.252.51.190)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]);
Wed, 08 Nov 2023 03:20:55 -0800 (PST)
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,
UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1781994638830439039
X-GMAIL-MSGID: 1781994638830439039
|
| Series |
KVM: x86: hyperv: Introduce VSM support
|
|
Commit Message
Nicolas Saenz Julienne
Nov. 8, 2023, 11:17 a.m. UTC
Introduce two helper functions. The first one queries a vCPU's VTL
level, the second one, given a struct kvm_vcpu and VTL pair, returns the
corresponding 'sibling' struct kvm_vcpu at the right VTL.
We keep track of each VTL's state by having a distinct struct kvm_vpcu
for each level. VTL-vCPUs that belong to the same guest CPU share the
same physical APIC id, but belong to different APIC groups where the
apic group represents the vCPU's VTL.
Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
---
arch/x86/kvm/hyperv.h | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
Comments
On 08.11.23 12:17, Nicolas Saenz Julienne wrote: > Introduce two helper functions. The first one queries a vCPU's VTL > level, the second one, given a struct kvm_vcpu and VTL pair, returns the > corresponding 'sibling' struct kvm_vcpu at the right VTL. > > We keep track of each VTL's state by having a distinct struct kvm_vpcu > for each level. VTL-vCPUs that belong to the same guest CPU share the > same physical APIC id, but belong to different APIC groups where the > apic group represents the vCPU's VTL. > > Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com> > --- > arch/x86/kvm/hyperv.h | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h > index 2bfed69ba0db..5433107e7cc8 100644 > --- a/arch/x86/kvm/hyperv.h > +++ b/arch/x86/kvm/hyperv.h > @@ -23,6 +23,7 @@ > > #include <linux/kvm_host.h> > #include "x86.h" > +#include "lapic.h" > > /* "Hv#1" signature */ > #define HYPERV_CPUID_SIGNATURE_EAX 0x31237648 > @@ -83,6 +84,23 @@ static inline struct kvm_hv_syndbg *to_hv_syndbg(struct kvm_vcpu *vcpu) > return &vcpu->kvm->arch.hyperv.hv_syndbg; > } > > +static inline struct kvm_vcpu *kvm_hv_get_vtl_vcpu(struct kvm_vcpu *vcpu, int vtl) > +{ > + struct kvm *kvm = vcpu->kvm; > + u32 target_id = kvm_apic_id(vcpu); > + > + kvm_apic_id_set_group(kvm, vtl, &target_id); > + if (vcpu->vcpu_id == target_id) > + return vcpu; > + > + return kvm_get_vcpu_by_id(kvm, target_id); > +} > + > +static inline u8 kvm_hv_get_active_vtl(struct kvm_vcpu *vcpu) > +{ > + return kvm_apic_group(vcpu); Shouldn't this check whether VTL is active? If someone wants to use APIC groups for a different purpose in the future, they'd suddenly find themselves in VTL code paths in other code (such as memory protections), no? Alex Amazon Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B Sitz: Berlin Ust-ID: DE 289 237 879
On Wed Nov 8, 2023 at 12:21 PM UTC, Alexander Graf wrote: > > On 08.11.23 12:17, Nicolas Saenz Julienne wrote: > > Introduce two helper functions. The first one queries a vCPU's VTL > > level, the second one, given a struct kvm_vcpu and VTL pair, returns the > > corresponding 'sibling' struct kvm_vcpu at the right VTL. > > > > We keep track of each VTL's state by having a distinct struct kvm_vpcu > > for each level. VTL-vCPUs that belong to the same guest CPU share the > > same physical APIC id, but belong to different APIC groups where the > > apic group represents the vCPU's VTL. > > > > Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com> > > --- > > arch/x86/kvm/hyperv.h | 18 ++++++++++++++++++ > > 1 file changed, 18 insertions(+) > > > > diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h > > index 2bfed69ba0db..5433107e7cc8 100644 > > --- a/arch/x86/kvm/hyperv.h > > +++ b/arch/x86/kvm/hyperv.h > > @@ -23,6 +23,7 @@ > > > > #include <linux/kvm_host.h> > > #include "x86.h" > > +#include "lapic.h" > > > > /* "Hv#1" signature */ > > #define HYPERV_CPUID_SIGNATURE_EAX 0x31237648 > > @@ -83,6 +84,23 @@ static inline struct kvm_hv_syndbg *to_hv_syndbg(struct kvm_vcpu *vcpu) > > return &vcpu->kvm->arch.hyperv.hv_syndbg; > > } > > > > +static inline struct kvm_vcpu *kvm_hv_get_vtl_vcpu(struct kvm_vcpu *vcpu, int vtl) > > +{ > > + struct kvm *kvm = vcpu->kvm; > > + u32 target_id = kvm_apic_id(vcpu); > > + > > + kvm_apic_id_set_group(kvm, vtl, &target_id); > > + if (vcpu->vcpu_id == target_id) > > + return vcpu; > > + > > + return kvm_get_vcpu_by_id(kvm, target_id); > > +} > > + > > +static inline u8 kvm_hv_get_active_vtl(struct kvm_vcpu *vcpu) > > +{ > > + return kvm_apic_group(vcpu); > > Shouldn't this check whether VTL is active? If someone wants to use APIC > groups for a different purpose in the future, they'd suddenly find > themselves in VTL code paths in other code (such as memory protections), no? Yes, indeed. This is solved by adding a couple of checks vs kvm_hv_vsm_enabled(). I don't have another use-case in mind for APIC ID groups so it's hard to picture if I'm just over engineering things, but I wonder it we need to introduce some sort of protection vs concurrent usages. For example we could introduce masks within the group bits and have consumers explicitly request what they want. Something like: vtl = kvm_apic_group(vcpu, HV_VTL); If user-space didn't reserve bits within the APIC ID group area and marked them with HV_VTL you'd get an error as opposed to 0 which is otherwise a valid group. Nicolas
On Wed, 2023-11-08 at 11:17 +0000, Nicolas Saenz Julienne wrote: > Introduce two helper functions. The first one queries a vCPU's VTL > level, the second one, given a struct kvm_vcpu and VTL pair, returns the > corresponding 'sibling' struct kvm_vcpu at the right VTL. > > We keep track of each VTL's state by having a distinct struct kvm_vpcu > for each level. VTL-vCPUs that belong to the same guest CPU share the > same physical APIC id, but belong to different APIC groups where the > apic group represents the vCPU's VTL. > > Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com> > --- > arch/x86/kvm/hyperv.h | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h > index 2bfed69ba0db..5433107e7cc8 100644 > --- a/arch/x86/kvm/hyperv.h > +++ b/arch/x86/kvm/hyperv.h > @@ -23,6 +23,7 @@ > > #include <linux/kvm_host.h> > #include "x86.h" > +#include "lapic.h" > > /* "Hv#1" signature */ > #define HYPERV_CPUID_SIGNATURE_EAX 0x31237648 > @@ -83,6 +84,23 @@ static inline struct kvm_hv_syndbg *to_hv_syndbg(struct kvm_vcpu *vcpu) > return &vcpu->kvm->arch.hyperv.hv_syndbg; > } > > +static inline struct kvm_vcpu *kvm_hv_get_vtl_vcpu(struct kvm_vcpu *vcpu, int vtl) > +{ > + struct kvm *kvm = vcpu->kvm; > + u32 target_id = kvm_apic_id(vcpu); > + > + kvm_apic_id_set_group(kvm, vtl, &target_id); > + if (vcpu->vcpu_id == target_id) > + return vcpu; > + > + return kvm_get_vcpu_by_id(kvm, target_id); > +} > + > +static inline u8 kvm_hv_get_active_vtl(struct kvm_vcpu *vcpu) > +{ > + return kvm_apic_group(vcpu); > +} > + > static inline u32 kvm_hv_get_vpindex(struct kvm_vcpu *vcpu) > { > struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu); Ideally I'll prefer the kernel to not know the VTL mapping at all but rather, that each vCPU be assigned to an apic group / namespace and has its assigned VTL. Then the kernel works in this way: * Regular APIC IPI -> send it to the apic namespace to which the sender belongs or if we go with the idea of using multiple VMs, then this will work unmodified. * Hardware interrupt -> send it to the vCPU/VM which userspace configured it to send via GSI mappings. * HyperV IPI -> if same VTL as the vCPU assigned VTL -> deal with it the same as with regular IPI -> otherwise exit to the userspace. * Page fault -> if related to violation of current VTL protection, exit to userspace, and the userspace can then queue the SynIC message, and wakeup the higher VTL. Best regards, Maxim Levitsky
diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index 2bfed69ba0db..5433107e7cc8 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -23,6 +23,7 @@ #include <linux/kvm_host.h> #include "x86.h" +#include "lapic.h" /* "Hv#1" signature */ #define HYPERV_CPUID_SIGNATURE_EAX 0x31237648 @@ -83,6 +84,23 @@ static inline struct kvm_hv_syndbg *to_hv_syndbg(struct kvm_vcpu *vcpu) return &vcpu->kvm->arch.hyperv.hv_syndbg; } +static inline struct kvm_vcpu *kvm_hv_get_vtl_vcpu(struct kvm_vcpu *vcpu, int vtl) +{ + struct kvm *kvm = vcpu->kvm; + u32 target_id = kvm_apic_id(vcpu); + + kvm_apic_id_set_group(kvm, vtl, &target_id); + if (vcpu->vcpu_id == target_id) + return vcpu; + + return kvm_get_vcpu_by_id(kvm, target_id); +} + +static inline u8 kvm_hv_get_active_vtl(struct kvm_vcpu *vcpu) +{ + return kvm_apic_group(vcpu); +} + static inline u32 kvm_hv_get_vpindex(struct kvm_vcpu *vcpu) { struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu);