diff mbox series

[v3,33/33] KVM: PPC: Book3S HV: Add a VM capability to enable nested virtualization

Message ID 1538479892-14835-34-git-send-email-paulus@ozlabs.org (mailing list archive)
State New, archived
Headers show
Series KVM: PPC: Book3S HV: Nested HV virtualization | expand

Commit Message

Paul Mackerras Oct. 2, 2018, 11:31 a.m. UTC
With this, userspace can enable a KVM-HV guest to run nested guests
under it.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
---
 Documentation/virtual/kvm/api.txt  | 14 ++++++++++++++
 arch/powerpc/include/asm/kvm_ppc.h |  1 +
 arch/powerpc/kvm/book3s_hv.c       | 17 +++++++++++++++++
 arch/powerpc/kvm/powerpc.c         | 12 ++++++++++++
 include/uapi/linux/kvm.h           |  1 +
 5 files changed, 45 insertions(+)

Comments

David Gibson Oct. 3, 2018, 6:21 a.m. UTC | #1
On Tue, Oct 02, 2018 at 09:31:32PM +1000, Paul Mackerras wrote:
> With this, userspace can enable a KVM-HV guest to run nested guests
> under it.
> 
> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
> ---
>  Documentation/virtual/kvm/api.txt  | 14 ++++++++++++++
>  arch/powerpc/include/asm/kvm_ppc.h |  1 +
>  arch/powerpc/kvm/book3s_hv.c       | 17 +++++++++++++++++
>  arch/powerpc/kvm/powerpc.c         | 12 ++++++++++++
>  include/uapi/linux/kvm.h           |  1 +
>  5 files changed, 45 insertions(+)
> 
> diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
> index 017d851..a2d4832 100644
> --- a/Documentation/virtual/kvm/api.txt
> +++ b/Documentation/virtual/kvm/api.txt
> @@ -4522,6 +4522,20 @@ hpage module parameter is not set to 1, -EINVAL is returned.
>  While it is generally possible to create a huge page backed VM without
>  this capability, the VM will not be able to run.
>  
> +7.15 KVM_CAP_PPC_NESTED_HV
> +
> +Architectures: ppc
> +Parameters: enable flag (0 to disable, non-zero to enable)
> +Returns: 0 on success, -EINVAL when the implementation doesn't support
> +nested-HV virtualization.
> +
> +HV-KVM on POWER9 and later systems allows for "nested-HV"
> +virtualization, which provides a way for a guest VM to run guests that
> +can run using the CPU's supervisor mode (privileged non-hypervisor
> +state).  Enabling this capability on a VM depends on the CPU having
> +the necessary functionality and on the facility being enabled with a
> +kvm-hv module parameter.
> +
>  8. Other capabilities.
>  ----------------------
>  
> diff --git a/arch/powerpc/include/asm/kvm_ppc.h b/arch/powerpc/include/asm/kvm_ppc.h
> index 245e564..80f0091 100644
> --- a/arch/powerpc/include/asm/kvm_ppc.h
> +++ b/arch/powerpc/include/asm/kvm_ppc.h
> @@ -327,6 +327,7 @@ struct kvmppc_ops {
>  	int (*set_smt_mode)(struct kvm *kvm, unsigned long mode,
>  			    unsigned long flags);
>  	void (*giveup_ext)(struct kvm_vcpu *vcpu, ulong msr);
> +	int (*enable_nested)(struct kvm *kvm, bool enable);
>  };
>  
>  extern struct kvmppc_ops *kvmppc_hv_ops;
> diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
> index 196bff1..a5b3862 100644
> --- a/arch/powerpc/kvm/book3s_hv.c
> +++ b/arch/powerpc/kvm/book3s_hv.c
> @@ -118,6 +118,11 @@ module_param_cb(h_ipi_redirect, &module_param_ops, &h_ipi_redirect, 0644);
>  MODULE_PARM_DESC(h_ipi_redirect, "Redirect H_IPI wakeup to a free host core");
>  #endif
>  
> +/* If set, guests are allowed to create and control nested guests */
> +static bool enable_nested = true;
> +module_param(enable_nested, bool, S_IRUGO | S_IWUSR);
> +MODULE_PARM_DESC(enable_nested, "Enable nested virtualization (only on POWER9)");

I'd suggest calling the module parameter just "nested" to match x86.

>  /* If set, the threads on each CPU core have to be in the same MMU mode */
>  static bool no_mixing_hpt_and_radix;
>  
> @@ -5188,6 +5193,17 @@ static int kvmhv_configure_mmu(struct kvm *kvm, struct kvm_ppc_mmuv3_cfg *cfg)
>  	return err;
>  }
>  
> +static int kvmhv_enable_nested(struct kvm *kvm, bool enable)
> +{
> +	if (!(enable_nested && cpu_has_feature(CPU_FTR_ARCH_300)))
> +		return -EINVAL;

Maybe EPERM, rather than EINVAL.  There's nothing invalid about the
ioctl() parameters - we just can't do what they want.

> +
> +	/* kvm == NULL means the caller is testing if the capability exists */
> +	if (kvm)
> +		kvm->arch.nested_enable = enable;
> +	return 0;
> +}
> +
>  static struct kvmppc_ops kvm_ops_hv = {
>  	.get_sregs = kvm_arch_vcpu_ioctl_get_sregs_hv,
>  	.set_sregs = kvm_arch_vcpu_ioctl_set_sregs_hv,
> @@ -5227,6 +5243,7 @@ static struct kvmppc_ops kvm_ops_hv = {
>  	.configure_mmu = kvmhv_configure_mmu,
>  	.get_rmmu_info = kvmhv_get_rmmu_info,
>  	.set_smt_mode = kvmhv_set_smt_mode,
> +	.enable_nested = kvmhv_enable_nested,
>  };
>  
>  static int kvm_init_subcore_bitmap(void)
> diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
> index eba5756..449ae1d 100644
> --- a/arch/powerpc/kvm/powerpc.c
> +++ b/arch/powerpc/kvm/powerpc.c
> @@ -596,6 +596,10 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
>  	case KVM_CAP_PPC_MMU_HASH_V3:
>  		r = !!(hv_enabled && cpu_has_feature(CPU_FTR_ARCH_300));
>  		break;
> +	case KVM_CAP_PPC_NESTED_HV:
> +		r = !!(hv_enabled && kvmppc_hv_ops->enable_nested &&
> +		       !kvmppc_hv_ops->enable_nested(NULL, false));
> +		break;
>  #endif
>  	case KVM_CAP_SYNC_MMU:
>  #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE
> @@ -2114,6 +2118,14 @@ static int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
>  			r = kvm->arch.kvm_ops->set_smt_mode(kvm, mode, flags);
>  		break;
>  	}
> +
> +	case KVM_CAP_PPC_NESTED_HV:
> +		r = -EINVAL;
> +		if (!is_kvmppc_hv_enabled(kvm) ||
> +		    !kvm->arch.kvm_ops->enable_nested)
> +			break;
> +		r = kvm->arch.kvm_ops->enable_nested(kvm, !!cap->args[0]);
> +		break;
>  #endif
>  	default:
>  		r = -EINVAL;
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index 07548de..a6d5a46 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -952,6 +952,7 @@ struct kvm_ppc_resize_hpt {
>  #define KVM_CAP_S390_HPAGE_1M 156
>  #define KVM_CAP_NESTED_STATE 157
>  #define KVM_CAP_ARM_INJECT_SERROR_ESR 158
> +#define KVM_CAP_PPC_NESTED_HV 160
>  
>  #ifdef KVM_CAP_IRQ_ROUTING
>
Paul Mackerras Oct. 4, 2018, 9:48 a.m. UTC | #2
On Wed, Oct 03, 2018 at 04:21:44PM +1000, David Gibson wrote:
> On Tue, Oct 02, 2018 at 09:31:32PM +1000, Paul Mackerras wrote:
> > With this, userspace can enable a KVM-HV guest to run nested guests
> > under it.
[snip]
> > +/* If set, guests are allowed to create and control nested guests */
> > +static bool enable_nested = true;
> > +module_param(enable_nested, bool, S_IRUGO | S_IWUSR);
> > +MODULE_PARM_DESC(enable_nested, "Enable nested virtualization (only on POWER9)");
> 
> I'd suggest calling the module parameter just "nested" to match x86.

OK.

> >  /* If set, the threads on each CPU core have to be in the same MMU mode */
> >  static bool no_mixing_hpt_and_radix;
> >  
> > @@ -5188,6 +5193,17 @@ static int kvmhv_configure_mmu(struct kvm *kvm, struct kvm_ppc_mmuv3_cfg *cfg)
> >  	return err;
> >  }
> >  
> > +static int kvmhv_enable_nested(struct kvm *kvm, bool enable)
> > +{
> > +	if (!(enable_nested && cpu_has_feature(CPU_FTR_ARCH_300)))
> > +		return -EINVAL;
> 
> Maybe EPERM, rather than EINVAL.  There's nothing invalid about the
> ioctl() parameters - we just can't do what they want.

Just for pedantry's sake, I'll make it EPERM for !enable_nested and
ENODEV for !POWER9. :)

Paul.
David Gibson Oct. 5, 2018, 3:29 a.m. UTC | #3
On Thu, Oct 04, 2018 at 07:48:26PM +1000, Paul Mackerras wrote:
> On Wed, Oct 03, 2018 at 04:21:44PM +1000, David Gibson wrote:
> > On Tue, Oct 02, 2018 at 09:31:32PM +1000, Paul Mackerras wrote:
> > > With this, userspace can enable a KVM-HV guest to run nested guests
> > > under it.
> [snip]
> > > +/* If set, guests are allowed to create and control nested guests */
> > > +static bool enable_nested = true;
> > > +module_param(enable_nested, bool, S_IRUGO | S_IWUSR);
> > > +MODULE_PARM_DESC(enable_nested, "Enable nested virtualization (only on POWER9)");
> > 
> > I'd suggest calling the module parameter just "nested" to match x86.
> 
> OK.
> 
> > >  /* If set, the threads on each CPU core have to be in the same MMU mode */
> > >  static bool no_mixing_hpt_and_radix;
> > >  
> > > @@ -5188,6 +5193,17 @@ static int kvmhv_configure_mmu(struct kvm *kvm, struct kvm_ppc_mmuv3_cfg *cfg)
> > >  	return err;
> > >  }
> > >  
> > > +static int kvmhv_enable_nested(struct kvm *kvm, bool enable)
> > > +{
> > > +	if (!(enable_nested && cpu_has_feature(CPU_FTR_ARCH_300)))
> > > +		return -EINVAL;
> > 
> > Maybe EPERM, rather than EINVAL.  There's nothing invalid about the
> > ioctl() parameters - we just can't do what they want.
> 
> Just for pedantry's sake, I'll make it EPERM for !enable_nested and
> ENODEV for !POWER9. :)

Sounds fair.
diff mbox series

Patch

diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index 017d851..a2d4832 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -4522,6 +4522,20 @@  hpage module parameter is not set to 1, -EINVAL is returned.
 While it is generally possible to create a huge page backed VM without
 this capability, the VM will not be able to run.
 
+7.15 KVM_CAP_PPC_NESTED_HV
+
+Architectures: ppc
+Parameters: enable flag (0 to disable, non-zero to enable)
+Returns: 0 on success, -EINVAL when the implementation doesn't support
+nested-HV virtualization.
+
+HV-KVM on POWER9 and later systems allows for "nested-HV"
+virtualization, which provides a way for a guest VM to run guests that
+can run using the CPU's supervisor mode (privileged non-hypervisor
+state).  Enabling this capability on a VM depends on the CPU having
+the necessary functionality and on the facility being enabled with a
+kvm-hv module parameter.
+
 8. Other capabilities.
 ----------------------
 
diff --git a/arch/powerpc/include/asm/kvm_ppc.h b/arch/powerpc/include/asm/kvm_ppc.h
index 245e564..80f0091 100644
--- a/arch/powerpc/include/asm/kvm_ppc.h
+++ b/arch/powerpc/include/asm/kvm_ppc.h
@@ -327,6 +327,7 @@  struct kvmppc_ops {
 	int (*set_smt_mode)(struct kvm *kvm, unsigned long mode,
 			    unsigned long flags);
 	void (*giveup_ext)(struct kvm_vcpu *vcpu, ulong msr);
+	int (*enable_nested)(struct kvm *kvm, bool enable);
 };
 
 extern struct kvmppc_ops *kvmppc_hv_ops;
diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
index 196bff1..a5b3862 100644
--- a/arch/powerpc/kvm/book3s_hv.c
+++ b/arch/powerpc/kvm/book3s_hv.c
@@ -118,6 +118,11 @@  module_param_cb(h_ipi_redirect, &module_param_ops, &h_ipi_redirect, 0644);
 MODULE_PARM_DESC(h_ipi_redirect, "Redirect H_IPI wakeup to a free host core");
 #endif
 
+/* If set, guests are allowed to create and control nested guests */
+static bool enable_nested = true;
+module_param(enable_nested, bool, S_IRUGO | S_IWUSR);
+MODULE_PARM_DESC(enable_nested, "Enable nested virtualization (only on POWER9)");
+
 /* If set, the threads on each CPU core have to be in the same MMU mode */
 static bool no_mixing_hpt_and_radix;
 
@@ -5188,6 +5193,17 @@  static int kvmhv_configure_mmu(struct kvm *kvm, struct kvm_ppc_mmuv3_cfg *cfg)
 	return err;
 }
 
+static int kvmhv_enable_nested(struct kvm *kvm, bool enable)
+{
+	if (!(enable_nested && cpu_has_feature(CPU_FTR_ARCH_300)))
+		return -EINVAL;
+
+	/* kvm == NULL means the caller is testing if the capability exists */
+	if (kvm)
+		kvm->arch.nested_enable = enable;
+	return 0;
+}
+
 static struct kvmppc_ops kvm_ops_hv = {
 	.get_sregs = kvm_arch_vcpu_ioctl_get_sregs_hv,
 	.set_sregs = kvm_arch_vcpu_ioctl_set_sregs_hv,
@@ -5227,6 +5243,7 @@  static struct kvmppc_ops kvm_ops_hv = {
 	.configure_mmu = kvmhv_configure_mmu,
 	.get_rmmu_info = kvmhv_get_rmmu_info,
 	.set_smt_mode = kvmhv_set_smt_mode,
+	.enable_nested = kvmhv_enable_nested,
 };
 
 static int kvm_init_subcore_bitmap(void)
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index eba5756..449ae1d 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -596,6 +596,10 @@  int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 	case KVM_CAP_PPC_MMU_HASH_V3:
 		r = !!(hv_enabled && cpu_has_feature(CPU_FTR_ARCH_300));
 		break;
+	case KVM_CAP_PPC_NESTED_HV:
+		r = !!(hv_enabled && kvmppc_hv_ops->enable_nested &&
+		       !kvmppc_hv_ops->enable_nested(NULL, false));
+		break;
 #endif
 	case KVM_CAP_SYNC_MMU:
 #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE
@@ -2114,6 +2118,14 @@  static int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
 			r = kvm->arch.kvm_ops->set_smt_mode(kvm, mode, flags);
 		break;
 	}
+
+	case KVM_CAP_PPC_NESTED_HV:
+		r = -EINVAL;
+		if (!is_kvmppc_hv_enabled(kvm) ||
+		    !kvm->arch.kvm_ops->enable_nested)
+			break;
+		r = kvm->arch.kvm_ops->enable_nested(kvm, !!cap->args[0]);
+		break;
 #endif
 	default:
 		r = -EINVAL;
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 07548de..a6d5a46 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -952,6 +952,7 @@  struct kvm_ppc_resize_hpt {
 #define KVM_CAP_S390_HPAGE_1M 156
 #define KVM_CAP_NESTED_STATE 157
 #define KVM_CAP_ARM_INJECT_SERROR_ESR 158
+#define KVM_CAP_PPC_NESTED_HV 160
 
 #ifdef KVM_CAP_IRQ_ROUTING