Commit 5fbff260 authored by Chang S. Bae's avatar Chang S. Bae Committed by Dave Hansen
Browse files

Documentation/x86: Explain the state component permission for guests 



Commit 980fe2fd ("x86/fpu: Extend fpu_xstate_prctl() with guest
permissions") extends a couple of arch_prctl(2) options for VCPU threads.
Add description for them.

Signed-off-by: default avatarChang S. Bae <chang.seok.bae@intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarThiago Macieira <thiago.macieira@intel.com>
Reviewed-by: default avatarYang Zhong <yang.zhong@intel.com>
Reviewed-by: default avatarTony Luck <tony.luck@intel.com>
Link: https://lore.kernel.org/all/20230121001900.14900-5-chang.seok.bae%40intel.com
parent 7f9daaf5

Documentation/x86/xstate.rst

+29 −0
Original line number Diff line number Diff line
@@ -143,3 +143,32 @@ entry if the feature is in its initial configuration. This differs from 
non-dynamic features which are always written regardless of their

configuration.  Signal handlers can examine the XSAVE buffer's XSTATE_BV

field to determine if a features was written.



Dynamic features for virtual machines

-------------------------------------



The permission for the guest state component needs to be managed separately

from the host, as they are exclusive to each other. A coupled of options

are extended to control the guest permission:



-ARCH_GET_XCOMP_GUEST_PERM



 arch_prctl(ARCH_GET_XCOMP_GUEST_PERM, &features);



 ARCH_GET_XCOMP_GUEST_PERM is a variant of ARCH_GET_XCOMP_PERM. So it

 provides the same semantics and functionality but for the guest

 components.



-ARCH_REQ_XCOMP_GUEST_PERM



 arch_prctl(ARCH_REQ_XCOMP_GUEST_PERM, feature_nr);



 ARCH_REQ_XCOMP_GUEST_PERM is a variant of ARCH_REQ_XCOMP_PERM. It has the

 same semantics for the guest permission. While providing a similar

 functionality, this comes with a constraint. Permission is frozen when the

 first VCPU is created. Any attempt to change permission after that point

 is going to be rejected. So, the permission has to be requested before the

 first VCPU creation.



Note that some VMMs may have already established a set of supported state

components. These options are not presumed to support any particular VMM.