| Message ID | 20231108111806.92604-8-nsaenz@amazon.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:aa0b:0:b0:403:3b70:6f57 with SMTP id k11csp842953vqo;
Wed, 8 Nov 2023 03:21:58 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IELQnXZ+4gkI3pbTzIDSuokeTwo5NiKb0TKJ06JUI42dgvmsEhWEndm/38lm1bQY3/PlxsT
X-Received: by 2002:a05:6358:7245:b0:169:9859:ccc3 with SMTP id
i5-20020a056358724500b001699859ccc3mr1173307rwa.12.1699442518094;
Wed, 08 Nov 2023 03:21:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1699442518; cv=none;
d=google.com; s=arc-20160816;
b=AE9ZwMBklh5vLQo7ZAUzhYZ4t5eoKYFSfDCkiouy6N7I0a3IcjG6kEbolXW4ebU9Kp
6WOg6vEM2lTxynKl7ObiMxa7mIh5fVK8MB4xDfRO6hBeCsuSaQfhbiSf6Ev8dLGnQyoU
mgufL43pl+nQ1/atESOXdqgEhiJnWjBeWmpiXHb8qrl/xjdPVUKSL1iEOclxeJvnPGmi
ZplatsOvHAiBDEgoXisGRUVSNm6A77q6/ZH3xzl5QpocPToGt8hllul7bR8I2N+tdubN
h5kzZXFWQrxRiHNqLYyMarkZxjZbi5xtoh1b8GpJMRb/vY2OSysMCRxZCD+QxchFadAF
tNrg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=LwvxkM973QXPotqf1BmHlmaFhGY0KPkEa30ixGz574A=;
fh=Qdq7NqGm5JR9LpctBpXjoRI38Lb2mCk6xy26GEDp1Bg=;
b=RIiyGluKdoCpjC/j00FhGDzAGbXtiDID5Nh74QJnGRpy5Awfbw96rBWPgN/9yPCTUX
f0XZXHp5GQKDKCfFVSZMl4G34CTvntQL9zl/XhIFUXYuZnyeSQkfxSr7to/23mm+422g
ZHNv1VUhLYhQmC6RMLwjRKLO1fQ4aIbn4++EdgzbT2VXSrQWRFbwHhT/JWIivOOJ7+di
9kaRbwrMLCr2cZ/bpreTh8X8zb4xrbvtbQK9KBU+8LHhZTV9uEXCuGo6JEDvoo5eJvwB
NXk7G9Qwv2n1DFKpozW3GbWRyfq4Fg9MC32gnEA5eQhWzxK3Nyt0PVEjeCP9H/5vDQw9
XWBg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=sE+JHi5R;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.33 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Received: from lipwig.vger.email (lipwig.vger.email. [23.128.96.33])
by mx.google.com with ESMTPS id
a6-20020a656046000000b005859c81f1e9si5078475pgp.229.2023.11.08.03.21.57
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 08 Nov 2023 03:21:58 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33;
Authentication-Results: mx.google.com;
dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=sE+JHi5R;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.33 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by lipwig.vger.email (Postfix) with ESMTP id 8A5FD808463B;
Wed, 8 Nov 2023 03:20:47 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1344598AbjKHLUH (ORCPT <rfc822;jaysivo@gmail.com> + 32 others);
Wed, 8 Nov 2023 06:20:07 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56098 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1344455AbjKHLT4 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 8 Nov 2023 06:19:56 -0500
Received: from smtp-fw-52004.amazon.com (smtp-fw-52004.amazon.com
[52.119.213.154])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1FAE1BD4;
Wed, 8 Nov 2023 03:19:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
t=1699442395; x=1730978395;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=LwvxkM973QXPotqf1BmHlmaFhGY0KPkEa30ixGz574A=;
b=sE+JHi5RRfWD6k0hVhdwIFulDOEIzbEvBk1b20Dtzd+LgoeZDDXT9ZP1
rK/bYKS8hJlfuxIMXlpuQXE+F0CufSmv3NYAAFrFYY4cesWml5X+UXPTa
83aWhUFHSCCL1xxv2imR9frXrfMK5SvUJ0bjsPDxo6zGpfALx9bFAhamv
0=;
X-IronPort-AV: E=Sophos;i="6.03,286,1694736000";
d="scan'208";a="164958920"
Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO
email-inbound-relay-iad-1a-m6i4x-b5bd57cf.us-east-1.amazon.com) ([10.43.8.2])
by smtp-border-fw-52004.iad7.amazon.com with
ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 08 Nov 2023 11:19:53 +0000
Received: from smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev
(iad7-ws-svc-p70-lb3-vlan3.iad.amazon.com [10.32.235.38])
by email-inbound-relay-iad-1a-m6i4x-b5bd57cf.us-east-1.amazon.com
(Postfix) with ESMTPS id DDFEC48DA2;
Wed, 8 Nov 2023 11:19:49 +0000 (UTC)
Received: from EX19MTAEUC001.ant.amazon.com [10.0.10.100:37568]
by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.45.210:2525]
with esmtp (Farcaster)
id b100eba5-8ee9-421b-9077-66ac2c5bb9c6; Wed, 8 Nov 2023 11:19:48 +0000 (UTC)
X-Farcaster-Flow-ID: b100eba5-8ee9-421b-9077-66ac2c5bb9c6
Received: from EX19D004EUC001.ant.amazon.com (10.252.51.190) by
EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.39; Wed, 8 Nov 2023 11:19:42 +0000
Received: from dev-dsk-nsaenz-1b-189b39ae.eu-west-1.amazon.com (10.13.235.138)
by EX19D004EUC001.ant.amazon.com (10.252.51.190) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.39; Wed, 8 Nov 2023 11:19:38 +0000
From: Nicolas Saenz Julienne <nsaenz@amazon.com>
To: <kvm@vger.kernel.org>
CC: <linux-kernel@vger.kernel.org>, <linux-hyperv@vger.kernel.org>,
<pbonzini@redhat.com>, <seanjc@google.com>, <vkuznets@redhat.com>,
<anelkz@amazon.com>, <graf@amazon.com>, <dwmw@amazon.co.uk>,
<jgowans@amazon.com>, <corbert@lwn.net>, <kys@microsoft.com>,
<haiyangz@microsoft.com>, <decui@microsoft.com>, <x86@kernel.org>,
<linux-doc@vger.kernel.org>,
Nicolas Saenz Julienne <nsaenz@amazon.com>
Subject: [RFC 07/33] KVM: x86: hyper-v: Introduce KVM_CAP_HYPERV_VSM
Date: Wed, 8 Nov 2023 11:17:40 +0000
Message-ID: <20231108111806.92604-8-nsaenz@amazon.com>
X-Mailer: git-send-email 2.40.1
In-Reply-To: <20231108111806.92604-1-nsaenz@amazon.com>
References: <20231108111806.92604-1-nsaenz@amazon.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Originating-IP: [10.13.235.138]
X-ClientProxiedBy: EX19D033UWC002.ant.amazon.com (10.13.139.196) To
EX19D004EUC001.ant.amazon.com (10.252.51.190)
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]);
Wed, 08 Nov 2023 03:20:47 -0800 (PST)
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,
UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1781994638081353800
X-GMAIL-MSGID: 1781994638081353800
|
| Series |
KVM: x86: hyperv: Introduce VSM support
|
|
Commit Message
Nicolas Saenz Julienne
Nov. 8, 2023, 11:17 a.m. UTC
Introduce a new capability to enable Hyper-V Virtual Secure Mode (VSM)
emulation support.
Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com>
---
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/kvm/hyperv.h | 5 +++++
arch/x86/kvm/x86.c | 5 +++++
include/uapi/linux/kvm.h | 1 +
4 files changed, 13 insertions(+)
Comments
On Wed, 2023-11-08 at 11:17 +0000, Nicolas Saenz Julienne wrote: > Introduce a new capability to enable Hyper-V Virtual Secure Mode (VSM) > emulation support. > > Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com> > --- > arch/x86/include/asm/kvm_host.h | 2 ++ > arch/x86/kvm/hyperv.h | 5 +++++ > arch/x86/kvm/x86.c | 5 +++++ > include/uapi/linux/kvm.h | 1 + > 4 files changed, 13 insertions(+) > > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h > index 00cd21b09f8c..7712e31b7537 100644 > --- a/arch/x86/include/asm/kvm_host.h > +++ b/arch/x86/include/asm/kvm_host.h > @@ -1118,6 +1118,8 @@ struct kvm_hv { > > struct hv_partition_assist_pg *hv_pa_pg; > struct kvm_hv_syndbg hv_syndbg; > + > + bool hv_enable_vsm; > }; > > struct msr_bitmap_range { > diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h > index f83b8db72b11..2bfed69ba0db 100644 > --- a/arch/x86/kvm/hyperv.h > +++ b/arch/x86/kvm/hyperv.h > @@ -238,4 +238,9 @@ static inline int kvm_hv_verify_vp_assist(struct kvm_vcpu *vcpu) > > int kvm_hv_vcpu_flush_tlb(struct kvm_vcpu *vcpu); > > +static inline bool kvm_hv_vsm_enabled(struct kvm *kvm) > +{ > + return kvm->arch.hyperv.hv_enable_vsm; > +} > + > #endif > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 4cd3f00475c1..b0512e433032 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -4485,6 +4485,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) > case KVM_CAP_HYPERV_CPUID: > case KVM_CAP_HYPERV_ENFORCE_CPUID: > case KVM_CAP_SYS_HYPERV_CPUID: > + case KVM_CAP_HYPERV_VSM: > case KVM_CAP_PCI_SEGMENT: > case KVM_CAP_DEBUGREGS: > case KVM_CAP_X86_ROBUST_SINGLESTEP: > @@ -6519,6 +6520,10 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, > } > mutex_unlock(&kvm->lock); > break; > + case KVM_CAP_HYPERV_VSM: > + kvm->arch.hyperv.hv_enable_vsm = true; > + r = 0; > + break; > default: > r = -EINVAL; > break; > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index 5ce06a1eee2b..168b6ac6ebe5 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -1226,6 +1226,7 @@ struct kvm_ppc_resize_hpt { > #define KVM_CAP_GUEST_MEMFD 233 > #define KVM_CAP_VM_TYPES 234 > #define KVM_CAP_APIC_ID_GROUPS 235 > +#define KVM_CAP_HYPERV_VSM 237 > > #ifdef KVM_CAP_IRQ_ROUTING > Do we actually need this? Can we detect if the userspace wants VSM using guest CPUID? Of course if we need to add a new ioctl or something it will have to be done together with a new capability, and since we will need at least to know a vCPU's VTL, we will probably need this capability. Best regards, Maxim Levitsky
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 00cd21b09f8c..7712e31b7537 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1118,6 +1118,8 @@ struct kvm_hv { struct hv_partition_assist_pg *hv_pa_pg; struct kvm_hv_syndbg hv_syndbg; + + bool hv_enable_vsm; }; struct msr_bitmap_range { diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index f83b8db72b11..2bfed69ba0db 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -238,4 +238,9 @@ static inline int kvm_hv_verify_vp_assist(struct kvm_vcpu *vcpu) int kvm_hv_vcpu_flush_tlb(struct kvm_vcpu *vcpu); +static inline bool kvm_hv_vsm_enabled(struct kvm *kvm) +{ + return kvm->arch.hyperv.hv_enable_vsm; +} + #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4cd3f00475c1..b0512e433032 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4485,6 +4485,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) case KVM_CAP_HYPERV_CPUID: case KVM_CAP_HYPERV_ENFORCE_CPUID: case KVM_CAP_SYS_HYPERV_CPUID: + case KVM_CAP_HYPERV_VSM: case KVM_CAP_PCI_SEGMENT: case KVM_CAP_DEBUGREGS: case KVM_CAP_X86_ROBUST_SINGLESTEP: @@ -6519,6 +6520,10 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, } mutex_unlock(&kvm->lock); break; + case KVM_CAP_HYPERV_VSM: + kvm->arch.hyperv.hv_enable_vsm = true; + r = 0; + break; default: r = -EINVAL; break; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 5ce06a1eee2b..168b6ac6ebe5 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1226,6 +1226,7 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_GUEST_MEMFD 233 #define KVM_CAP_VM_TYPES 234 #define KVM_CAP_APIC_ID_GROUPS 235 +#define KVM_CAP_HYPERV_VSM 237 #ifdef KVM_CAP_IRQ_ROUTING