Commit 0dbb1123 authored by Ashish Kalra, committed by Paolo Bonzini

KVM: X86: Introduce KVM_HC_MAP_GPA_RANGE hypercall



This hypercall is used by the SEV guest to notify a change in the page
encryption status to the hypervisor. The hypercall should be invoked
only when the encryption attribute is changed from encrypted -> decrypted
and vice versa. By default all guest pages are considered encrypted.

The hypercall exits to userspace to manage the guest shared regions and
integrate with the userspace VMM's migration code.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Steve Rutherford <srutherford@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Co-developed-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Co-developed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <90778988e1ee01926ff9cac447aacb745f954c8c.1623174621.git.ashish.kalra@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent e3cb6fa0
+19 −0
@@ -6950,3 +6950,22 @@ guest according to the bits Hyper-V CPUID feature leaves. Otherwise, all
currently implmented Hyper-V features are provided unconditionally when
currently implmented Hyper-V features are provided unconditionally when
Hyper-V identification is set in the HYPERV_CPUID_INTERFACE (0x40000001)
Hyper-V identification is set in the HYPERV_CPUID_INTERFACE (0x40000001)
leaf.
leaf.

8.34 KVM_CAP_EXIT_HYPERCALL
---------------------------

:Capability: KVM_CAP_EXIT_HYPERCALL
:Architectures: x86
:Type: vm

This capability, if enabled, will cause KVM to exit to userspace
with KVM_EXIT_HYPERCALL exit reason to process some hypercalls.

Calling KVM_CHECK_EXTENSION for this capability will return a bitmask
of hypercalls that can be configured to exit to userspace.
Right now, the only such hypercall is KVM_HC_MAP_GPA_RANGE.

The argument to KVM_ENABLE_CAP is also a bitmask, and must be a subset
of the result of KVM_CHECK_EXTENSION.  KVM will forward to userspace
the hypercalls whose corresponding bit is in the argument, and return
ENOSYS for the others.
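Review bot: the final paragraph should state what KVM_ENABLE_CAP returns when the supplied bitmask is not a subset of the KVM_CHECK_EXTENSION result; "must be a subset" describes a precondition but gives userspace no error value to distinguish a rejected bitmask from any other failure. In the same paragraph, "return ENOSYS for the others" does not say who receives that error: the hypercall is issued by the guest, so spell out that the guest sees the ENOSYS value as the hypercall's return code while userspace is never exited to for those hypercalls. Consider also adding one sentence on the default, i.e. that with the capability not enabled (bitmask 0) no hypercall in this set exits to userspace, so a VMM that advertises the corresponding CPUID feature without enabling the capability leaves the guest with a hypercall that always fails.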
+7 −0
@@ -96,6 +96,13 @@ KVM_FEATURE_MSI_EXT_DEST_ID 15 guest checks this feature bit
                                               before using extended destination
                                               before using extended destination
                                               ID bits in MSI address bits 11-5.
                                               ID bits in MSI address bits 11-5.


KVM_FEATURE_HC_MAP_GPA_RANGE       16          guest checks this feature bit before
                                               using the map gpa range hypercall
                                               to notify the page state change

KVM_FEATURE_MIGRATION_CONTROL      17          guest checks this feature bit before
                                               using MSR_KVM_MIGRATION_CONTROL

KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24          host will warn if no guest-side
KVM_FEATURE_CLOCKSOURCE_STABLE_BIT 24          host will warn if no guest-side
                                               per-cpu warps are expected in
                                               per-cpu warps are expected in
                                               kvmclock
                                               kvmclock
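Review bot: the description for bit 16 refers to "the map gpa range hypercall" in prose rather than by its symbolic name; use KVM_HC_MAP_GPA_RANGE so the entry matches the hypercall documentation and is greppable, and likewise say which page state the notification carries (the encryption attribute described in the commit message), since "page state change" on its own could be read as any attribute. Because the hypercall only works when userspace has enabled KVM_CAP_EXIT_HYPERCALL, the bit 16 entry should also note that a VMM must not advertise this feature without having enabled the capability; that ordering requirement currently lives only in the hypercalls.rst implementation note, and a reader of this table has no pointer to it.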
+21 −0
@@ -169,3 +169,24 @@ a0: destination APIC ID


:Usage example: When sending a call-function IPI-many to vCPUs, yield if
:Usage example: When sending a call-function IPI-many to vCPUs, yield if
	        any of the IPI target vCPUs was preempted.
	        any of the IPI target vCPUs was preempted.

8. KVM_HC_MAP_GPA_RANGE
-------------------------
:Architecture: x86
:Status: active
:Purpose: Request KVM to map a GPA range with the specified attributes.

a0: the guest physical address of the start page
a1: the number of (4kb) pages (must be contiguous in GPA space)
a2: attributes

    Where 'attributes' :
        * bits  3:0 - preferred page size encoding 0 = 4kb, 1 = 2mb, 2 = 1gb, etc...
        * bit     4 - plaintext = 0, encrypted = 1
        * bits 63:5 - reserved (must be zero)

**Implementation note**: this hypercall is implemented in userspace via
the KVM_CAP_EXIT_HYPERCALL capability. Userspace must enable that capability
before advertising KVM_FEATURE_HC_MAP_GPA_RANGE in the guest CPUID.  In
addition, if the guest supports KVM_FEATURE_MIGRATION_CONTROL, userspace
must also set up an MSR filter to process writes to MSR_KVM_MIGRATION_CONTROL.
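Review bot: the argument description leaves the validation responsibility unstated, and it matters here because a0, a1 and a2 are guest-controlled values that KVM forwards to userspace: say whether KVM checks anything (reserved bits 63:5 of a2 being zero, a0 being page aligned, a0 + a1 pages not wrapping around or exceeding guest memory) before exiting, or whether userspace must treat all three as untrusted and reject out-of-range or malformed requests itself. As written, "reserved (must be zero)" names a rule without saying what a violation produces. The page size encoding "0 = 4kb, 1 = 2mb, 2 = 1gb, etc..." should either list the full set of defined values or state that larger encodings are reserved; an open-ended "etc..." in an ABI document invites incompatible interpretations on each side. Minor: the units should be written consistently (4KiB/2MiB/1GiB, or at least 4KB/2MB/1GB) rather than "4kb", and the heading underline is two characters longer than the heading text, which is valid RST but inconsistent with the neighbouring sections.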
+13 −0
@@ -376,3 +376,16 @@ data:
	write '1' to bit 0 of the MSR, this causes the host to re-scan its queue
	write '1' to bit 0 of the MSR, this causes the host to re-scan its queue
	and check if there are more notifications pending. The MSR is available
	and check if there are more notifications pending. The MSR is available
	if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.
	if KVM_FEATURE_ASYNC_PF_INT is present in CPUID.

MSR_KVM_MIGRATION_CONTROL:
        0x4b564d08

data:
        This MSR is available if KVM_FEATURE_MIGRATION_CONTROL is present in
        CPUID.  Bit 0 represents whether live migration of the guest is allowed.

        When a guest is started, bit 0 will be 0 if the guest has encrypted
        memory and 1 if the guest does not have encrypted memory.  If the
        guest is communicating page encryption status to the host using the
        ``KVM_HC_MAP_GPA_RANGE`` hypercall, it can set bit 0 in this MSR to
        allow live migration of the guest.
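Review bot: the data description covers bit 0 only; it should say how bits 63:1 behave on write (ignored, reserved and must be zero, or fault), otherwise guests and VMMs will make different assumptions about the rest of the register. It should also mention that writes to this MSR are intended to be handled by userspace through an MSR filter, as the hypercalls.rst implementation note in this same series requires; a reader of msr.rst currently has no way to know that a write will not be acted on by KVM itself. Style: the new lines are indented with spaces while the surrounding entries in this file (see the MSR_KVM_ASYNC_PF_INT context above) use tabs; match the existing indentation.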
+2 −0
@@ -1087,6 +1087,8 @@ struct kvm_arch {
	u32 user_space_msr_mask;
	u32 user_space_msr_mask;
	struct kvm_x86_msr_filter __rcu *msr_filter;
	struct kvm_x86_msr_filter __rcu *msr_filter;


	u32 hypercall_exit_enabled;

	/* Guest can access the SGX PROVISIONKEY. */
	/* Guest can access the SGX PROVISIONKEY. */
	bool sgx_provisioning_allowed;
	bool sgx_provisioning_allowed;


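Review bot: the new field `u32 hypercall_exit_enabled;` has no comment, unlike the adjacent `sgx_provisioning_allowed` which documents its meaning; add a one-line comment stating that it holds the KVM_CAP_EXIT_HYPERCALL bitmask of hypercall numbers that exit to userspace. Since the type is u32, the mask can only describe hypercall numbers below 32; that limit is not visible in the api.rst text, which only says the argument "is also a bitmask", so either note it there or document in the comment how the bit position maps to the hypercall number.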