Message ID | 20231108111806.92604-8-nsaenz@amazon.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | KVM: x86: hyperv: Introduce VSM support | expand |
On Wed, 2023-11-08 at 11:17 +0000, Nicolas Saenz Julienne wrote: > Introduce a new capability to enable Hyper-V Virtual Secure Mode (VSM) > emulation support. > > Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com> > --- > arch/x86/include/asm/kvm_host.h | 2 ++ > arch/x86/kvm/hyperv.h | 5 +++++ > arch/x86/kvm/x86.c | 5 +++++ > include/uapi/linux/kvm.h | 1 + > 4 files changed, 13 insertions(+) > > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h > index 00cd21b09f8c..7712e31b7537 100644 > --- a/arch/x86/include/asm/kvm_host.h > +++ b/arch/x86/include/asm/kvm_host.h > @@ -1118,6 +1118,8 @@ struct kvm_hv { > > struct hv_partition_assist_pg *hv_pa_pg; > struct kvm_hv_syndbg hv_syndbg; > + > + bool hv_enable_vsm; > }; > > struct msr_bitmap_range { > diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h > index f83b8db72b11..2bfed69ba0db 100644 > --- a/arch/x86/kvm/hyperv.h > +++ b/arch/x86/kvm/hyperv.h > @@ -238,4 +238,9 @@ static inline int kvm_hv_verify_vp_assist(struct kvm_vcpu *vcpu) > > int kvm_hv_vcpu_flush_tlb(struct kvm_vcpu *vcpu); > > +static inline bool kvm_hv_vsm_enabled(struct kvm *kvm) > +{ > + return kvm->arch.hyperv.hv_enable_vsm; > +} > + > #endif > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 4cd3f00475c1..b0512e433032 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -4485,6 +4485,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) > case KVM_CAP_HYPERV_CPUID: > case KVM_CAP_HYPERV_ENFORCE_CPUID: > case KVM_CAP_SYS_HYPERV_CPUID: > + case KVM_CAP_HYPERV_VSM: > case KVM_CAP_PCI_SEGMENT: > case KVM_CAP_DEBUGREGS: > case KVM_CAP_X86_ROBUST_SINGLESTEP: > @@ -6519,6 +6520,10 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, > } > mutex_unlock(&kvm->lock); > break; > + case KVM_CAP_HYPERV_VSM: > + kvm->arch.hyperv.hv_enable_vsm = true; > + r = 0; > + break; > default: > r = -EINVAL; > break; > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index 5ce06a1eee2b..168b6ac6ebe5 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -1226,6 +1226,7 @@ struct kvm_ppc_resize_hpt { > #define KVM_CAP_GUEST_MEMFD 233 > #define KVM_CAP_VM_TYPES 234 > #define KVM_CAP_APIC_ID_GROUPS 235 > +#define KVM_CAP_HYPERV_VSM 237 > > #ifdef KVM_CAP_IRQ_ROUTING > Do we actually need this? Can we detect if the userspace wants VSM using guest CPUID? Of course if we need to add a new ioctl or something it will have to be done together with a new capability, and since we will need at least to know a vCPU's VTL, we will probably need this capability. Best regards, Maxim Levitsky
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 00cd21b09f8c..7712e31b7537 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1118,6 +1118,8 @@ struct kvm_hv { struct hv_partition_assist_pg *hv_pa_pg; struct kvm_hv_syndbg hv_syndbg; + + bool hv_enable_vsm; }; struct msr_bitmap_range { diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h index f83b8db72b11..2bfed69ba0db 100644 --- a/arch/x86/kvm/hyperv.h +++ b/arch/x86/kvm/hyperv.h @@ -238,4 +238,9 @@ static inline int kvm_hv_verify_vp_assist(struct kvm_vcpu *vcpu) int kvm_hv_vcpu_flush_tlb(struct kvm_vcpu *vcpu); +static inline bool kvm_hv_vsm_enabled(struct kvm *kvm) +{ + return kvm->arch.hyperv.hv_enable_vsm; +} + #endif diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 4cd3f00475c1..b0512e433032 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -4485,6 +4485,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) case KVM_CAP_HYPERV_CPUID: case KVM_CAP_HYPERV_ENFORCE_CPUID: case KVM_CAP_SYS_HYPERV_CPUID: + case KVM_CAP_HYPERV_VSM: case KVM_CAP_PCI_SEGMENT: case KVM_CAP_DEBUGREGS: case KVM_CAP_X86_ROBUST_SINGLESTEP: @@ -6519,6 +6520,10 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, } mutex_unlock(&kvm->lock); break; + case KVM_CAP_HYPERV_VSM: + kvm->arch.hyperv.hv_enable_vsm = true; + r = 0; + break; default: r = -EINVAL; break; diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 5ce06a1eee2b..168b6ac6ebe5 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1226,6 +1226,7 @@ struct kvm_ppc_resize_hpt { #define KVM_CAP_GUEST_MEMFD 233 #define KVM_CAP_VM_TYPES 234 #define KVM_CAP_APIC_ID_GROUPS 235 +#define KVM_CAP_HYPERV_VSM 237 #ifdef KVM_CAP_IRQ_ROUTING
Introduce a new capability to enable Hyper-V Virtual Secure Mode (VSM) emulation support. Signed-off-by: Nicolas Saenz Julienne <nsaenz@amazon.com> --- arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/hyperv.h | 5 +++++ arch/x86/kvm/x86.c | 5 +++++ include/uapi/linux/kvm.h | 1 + 4 files changed, 13 insertions(+)