| Message ID | 20191015143610.31857-3-Tianyu.Lan@microsoft.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | target/i386/kvm: Add Hyper-V direct tlb flush support | expand |
lantianyu1986@gmail.com writes: > From: Tianyu Lan <Tianyu.Lan@microsoft.com> > > Hyper-V direct tlb flush targets KVM on Hyper-V guest. > Enable direct TLB flush for its guests meaning that TLB > flush hypercalls are handled by Level 0 hypervisor (Hyper-V) > bypassing KVM in Level 1. Due to the different ABI for hypercall > parameters between Hyper-V and KVM, KVM capabilities should be > hidden when enable Hyper-V direct tlb flush otherwise KVM > hypercalls may be intercepted by Hyper-V. Add new parameter > "hv-direct-tlbflush". Check expose_kvm and Hyper-V tlb flush > capability status before enabling the feature. > > Signed-off-by: Tianyu Lan <Tianyu.Lan@microsoft.com> > --- > Change since V1: > - Add direct tlb flush's Hyper-V property and use > hv_cpuid_check_and_set() to check the dependency of tlbflush > feature. > - Make new feature work with Hyper-V passthrough mode. > --- > docs/hyperv.txt | 12 ++++++++++++ > target/i386/cpu.c | 2 ++ > target/i386/cpu.h | 1 + > target/i386/kvm.c | 23 +++++++++++++++++++++++ > 4 files changed, 38 insertions(+) > > diff --git a/docs/hyperv.txt b/docs/hyperv.txt > index 8fdf25c829..ceab8c21fe 100644 > --- a/docs/hyperv.txt > +++ b/docs/hyperv.txt > @@ -184,6 +184,18 @@ enabled. > > Requires: hv-vpindex, hv-synic, hv-time, hv-stimer > > +3.18. hv-direct-tlbflush > +======================= > +The enlightenment targets KVM on Hyper-V guest. Enable direct TLB flush for > +its guests meaning that TLB flush hypercalls are handled by Level 0 hypervisor > +(Hyper-V) bypassing KVM in Level 1. Due to the different ABI for hypercall > +parameters between Hyper-V and KVM, enabling this capability effectively > +disables all hypercall handling by KVM (as some KVM hypercall may be mistakenly > +treated as TLB flush hypercalls by Hyper-V). So kvm capability should not show > +to guest when enable this capability. If not, user will fail to enable this > +capability. My take: "Enable direct TLB flush for KVM when it is running as a nested hypervisor on top Hyper-V. When enabled, TLB flush hypercalls from L2 guests are being passed through to L0 (Hyper-V) for handling. Due to ABI differences between Hyper-V and KVM hypercalls, L2 guests will not be able to issue KVM hypercalls (as those could be mishanled by L0 Hyper-V), this requires KVM hypervisor signature to be hidden." It would be great if someone who doesn't know that the feature is would read these two paragraphs and tell us how they sound :-) > + > +Requires: hv-tlbflush, -kvm > > 4. Development features > ======================== > diff --git a/target/i386/cpu.c b/target/i386/cpu.c > index 44f1bbdcac..7bc7fee512 100644 > --- a/target/i386/cpu.c > +++ b/target/i386/cpu.c > @@ -6156,6 +6156,8 @@ static Property x86_cpu_properties[] = { > HYPERV_FEAT_IPI, 0), > DEFINE_PROP_BIT64("hv-stimer-direct", X86CPU, hyperv_features, > HYPERV_FEAT_STIMER_DIRECT, 0), > + DEFINE_PROP_BIT64("hv-direct-tlbflush", X86CPU, hyperv_features, > + HYPERV_FEAT_DIRECT_TLBFLUSH, 0), > DEFINE_PROP_BOOL("hv-passthrough", X86CPU, hyperv_passthrough, false), > > DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true), > diff --git a/target/i386/cpu.h b/target/i386/cpu.h > index eaa5395aa5..3cb105f7d6 100644 > --- a/target/i386/cpu.h > +++ b/target/i386/cpu.h > @@ -907,6 +907,7 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS]; > #define HYPERV_FEAT_EVMCS 12 > #define HYPERV_FEAT_IPI 13 > #define HYPERV_FEAT_STIMER_DIRECT 14 > +#define HYPERV_FEAT_DIRECT_TLBFLUSH 15 > > #ifndef HYPERV_SPINLOCK_NEVER_RETRY > #define HYPERV_SPINLOCK_NEVER_RETRY 0xFFFFFFFF > diff --git a/target/i386/kvm.c b/target/i386/kvm.c > index 11b9c854b5..7e0fbc730e 100644 > --- a/target/i386/kvm.c > +++ b/target/i386/kvm.c > @@ -900,6 +900,10 @@ static struct { > }, > .dependencies = BIT(HYPERV_FEAT_STIMER) > }, > + [HYPERV_FEAT_DIRECT_TLBFLUSH] = { > + .desc = "direct tlbflush (hv-direct-tlbflush)", "direct TLB flush" (to be consistent with "paravirtualized TLB flush" above > + .dependencies = BIT(HYPERV_FEAT_TLBFLUSH) > + }, > }; > > static struct kvm_cpuid2 *try_get_hv_cpuid(CPUState *cs, int max) > @@ -1224,6 +1228,7 @@ static int hyperv_handle_properties(CPUState *cs, > r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_EVMCS); > r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_IPI); > r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_STIMER_DIRECT); > + r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_DIRECT_TLBFLUSH); > > /* Additional dependencies not covered by kvm_hyperv_properties[] */ > if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC) && > @@ -1243,6 +1248,24 @@ static int hyperv_handle_properties(CPUState *cs, > goto free; > } > > + if (hyperv_feat_enabled(cpu, HYPERV_FEAT_DIRECT_TLBFLUSH) || > + cpu->hyperv_passthrough) { > + if (!cpu->expose_kvm) { > + r = kvm_vcpu_enable_cap(cs, KVM_CAP_HYPERV_DIRECT_TLBFLUSH, 0, 0); > + if (hyperv_feat_enabled(cpu, HYPERV_FEAT_DIRECT_TLBFLUSH) && r) { > + fprintf(stderr, > + "Hyper-V %s is not supported by kernel\n", > + kvm_hyperv_properties[HYPERV_FEAT_DIRECT_TLBFLUSH].desc); > + return -ENOSYS; > + } > + } else if (!cpu->hyperv_passthrough) { > + fprintf(stderr, > + "Hyper-V %s requires not to expose KVM capabilities.\n", My take: "... requires KVM hypervisor signature to be hidden (-kvm)." > + kvm_hyperv_properties[HYPERV_FEAT_DIRECT_TLBFLUSH].desc); > + return -ENOSYS; > + } > + } Thanks, the check looks correct to me now. > + > if (cpu->hyperv_passthrough) { > /* We already copied all feature words from KVM as is */ > r = cpuid->nent;
diff --git a/docs/hyperv.txt b/docs/hyperv.txt index 8fdf25c829..ceab8c21fe 100644 --- a/docs/hyperv.txt +++ b/docs/hyperv.txt @@ -184,6 +184,18 @@ enabled. Requires: hv-vpindex, hv-synic, hv-time, hv-stimer +3.18. hv-direct-tlbflush +======================= +The enlightenment targets KVM on Hyper-V guest. Enable direct TLB flush for +its guests meaning that TLB flush hypercalls are handled by Level 0 hypervisor +(Hyper-V) bypassing KVM in Level 1. Due to the different ABI for hypercall +parameters between Hyper-V and KVM, enabling this capability effectively +disables all hypercall handling by KVM (as some KVM hypercall may be mistakenly +treated as TLB flush hypercalls by Hyper-V). So kvm capability should not show +to guest when enable this capability. If not, user will fail to enable this +capability. + +Requires: hv-tlbflush, -kvm 4. Development features ======================== diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 44f1bbdcac..7bc7fee512 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6156,6 +6156,8 @@ static Property x86_cpu_properties[] = { HYPERV_FEAT_IPI, 0), DEFINE_PROP_BIT64("hv-stimer-direct", X86CPU, hyperv_features, HYPERV_FEAT_STIMER_DIRECT, 0), + DEFINE_PROP_BIT64("hv-direct-tlbflush", X86CPU, hyperv_features, + HYPERV_FEAT_DIRECT_TLBFLUSH, 0), DEFINE_PROP_BOOL("hv-passthrough", X86CPU, hyperv_passthrough, false), DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true), diff --git a/target/i386/cpu.h b/target/i386/cpu.h index eaa5395aa5..3cb105f7d6 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -907,6 +907,7 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS]; #define HYPERV_FEAT_EVMCS 12 #define HYPERV_FEAT_IPI 13 #define HYPERV_FEAT_STIMER_DIRECT 14 +#define HYPERV_FEAT_DIRECT_TLBFLUSH 15 #ifndef HYPERV_SPINLOCK_NEVER_RETRY #define HYPERV_SPINLOCK_NEVER_RETRY 0xFFFFFFFF diff --git a/target/i386/kvm.c b/target/i386/kvm.c index 11b9c854b5..7e0fbc730e 100644 --- a/target/i386/kvm.c +++ b/target/i386/kvm.c @@ -900,6 +900,10 @@ static struct { }, .dependencies = BIT(HYPERV_FEAT_STIMER) }, + [HYPERV_FEAT_DIRECT_TLBFLUSH] = { + .desc = "direct tlbflush (hv-direct-tlbflush)", + .dependencies = BIT(HYPERV_FEAT_TLBFLUSH) + }, }; static struct kvm_cpuid2 *try_get_hv_cpuid(CPUState *cs, int max) @@ -1224,6 +1228,7 @@ static int hyperv_handle_properties(CPUState *cs, r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_EVMCS); r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_IPI); r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_STIMER_DIRECT); + r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_DIRECT_TLBFLUSH); /* Additional dependencies not covered by kvm_hyperv_properties[] */ if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC) && @@ -1243,6 +1248,24 @@ static int hyperv_handle_properties(CPUState *cs, goto free; } + if (hyperv_feat_enabled(cpu, HYPERV_FEAT_DIRECT_TLBFLUSH) || + cpu->hyperv_passthrough) { + if (!cpu->expose_kvm) { + r = kvm_vcpu_enable_cap(cs, KVM_CAP_HYPERV_DIRECT_TLBFLUSH, 0, 0); + if (hyperv_feat_enabled(cpu, HYPERV_FEAT_DIRECT_TLBFLUSH) && r) { + fprintf(stderr, + "Hyper-V %s is not supported by kernel\n", + kvm_hyperv_properties[HYPERV_FEAT_DIRECT_TLBFLUSH].desc); + return -ENOSYS; + } + } else if (!cpu->hyperv_passthrough) { + fprintf(stderr, + "Hyper-V %s requires not to expose KVM capabilities.\n", + kvm_hyperv_properties[HYPERV_FEAT_DIRECT_TLBFLUSH].desc); + return -ENOSYS; + } + } + if (cpu->hyperv_passthrough) { /* We already copied all feature words from KVM as is */ r = cpuid->nent;