1. 07 4月, 2021 1 次提交
  2. 12 3月, 2021 1 次提交
    • M
      KVM: arm64: Reject VM creation when the default IPA size is unsupported · 7d717558
      Marc Zyngier 提交于
      KVM/arm64 has forever used a 40bit default IPA space, partially
      due to its 32bit heritage (where the only choice is 40bit).
      
      However, there are implementations in the wild that have a *cough*
      much smaller *cough* IPA space, which leads to a misprogramming of
      VTCR_EL2, and a guest that is stuck on its first memory access
      if userspace dares to ask for the default IPA setting (which most
      VMMs do).
      
      Instead, blundly reject the creation of such VM, as we can't
      satisfy the requirements from userspace (with a one-off warning).
      Also clarify the boot warning, and document that the VM creation
      will fail when an unsupported IPA size is provided.
      
      Although this is an ABI change, it doesn't really change much
      for userspace:
      
      - the guest couldn't run before this change, but no error was
        returned. At least userspace knows what is happening.
      
      - a memory slot that was accepted because it did fit the default
        IPA space now doesn't even get a chance to be registered.
      
      The other thing that is left doing is to convince userspace to
      actually use the IPA space setting instead of relying on the
      antiquated default.
      
      Fixes: 233a7cb2 ("kvm: arm64: Allow tuning the physical address size for VM")
      Signed-off-by: NMarc Zyngier <maz@kernel.org>
      Cc: stable@vger.kernel.org
      Reviewed-by: NAndrew Jones <drjones@redhat.com>
      Reviewed-by: NEric Auger <eric.auger@redhat.com>
      Link: https://lore.kernel.org/r/20210311100016.3830038-2-maz@kernel.org
      7d717558
  3. 03 3月, 2021 2 次提交
  4. 26 2月, 2021 2 次提交
  5. 23 2月, 2021 1 次提交
    • L
      KVM: Documentation: rectify rst markup in KVM_GET_SUPPORTED_HV_CPUID · 356c7558
      Lukas Bulwahn 提交于
      Commit c21d54f0 ("KVM: x86: hyper-v: allow KVM_GET_SUPPORTED_HV_CPUID
      as a system ioctl") added an enumeration in the KVM_GET_SUPPORTED_HV_CPUID
      documentation improperly for rst, and caused new warnings in make htmldocs:
      
        Documentation/virt/kvm/api.rst:4536: WARNING: Unexpected indentation.
        Documentation/virt/kvm/api.rst:4538: WARNING: Block quote ends without a blank line; unexpected unindent.
      
      Fix that issue and another historic rst markup issue from the initial
      rst conversion in the KVM_GET_SUPPORTED_HV_CPUID documentation.
      Signed-off-by: NLukas Bulwahn <lukas.bulwahn@gmail.com>
      Message-Id: <20210104095938.24838-1-lukas.bulwahn@gmail.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      356c7558
  6. 10 2月, 2021 2 次提交
  7. 09 2月, 2021 1 次提交
  8. 04 2月, 2021 2 次提交
  9. 26 1月, 2021 2 次提交
  10. 21 1月, 2021 1 次提交
  11. 24 12月, 2020 1 次提交
  12. 15 11月, 2020 3 次提交
    • P
      KVM: Make dirty ring exclusive to dirty bitmap log · b2cc64c4
      Peter Xu 提交于
      There's no good reason to use both the dirty bitmap logging and the
      new dirty ring buffer to track dirty bits.  We should be able to even
      support both of them at the same time, but it could complicate things
      which could actually help little.  Let's simply make it the rule
      before we enable dirty ring on any arch, that we don't allow these two
      interfaces to be used together.
      
      The big world switch would be KVM_CAP_DIRTY_LOG_RING capability
      enablement.  That's where we'll switch from the default dirty logging
      way to the dirty ring way.  As long as kvm->dirty_ring_size is setup
      correctly, we'll once and for all switch to the dirty ring buffer mode
      for the current virtual machine.
      Signed-off-by: NPeter Xu <peterx@redhat.com>
      Message-Id: <20201001012224.5818-1-peterx@redhat.com>
      [Change errno from EINVAL to ENXIO. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      b2cc64c4
    • P
      KVM: X86: Implement ring-based dirty memory tracking · fb04a1ed
      Peter Xu 提交于
      This patch is heavily based on previous work from Lei Cao
      <lei.cao@stratus.com> and Paolo Bonzini <pbonzini@redhat.com>. [1]
      
      KVM currently uses large bitmaps to track dirty memory.  These bitmaps
      are copied to userspace when userspace queries KVM for its dirty page
      information.  The use of bitmaps is mostly sufficient for live
      migration, as large parts of memory are be dirtied from one log-dirty
      pass to another.  However, in a checkpointing system, the number of
      dirty pages is small and in fact it is often bounded---the VM is
      paused when it has dirtied a pre-defined number of pages. Traversing a
      large, sparsely populated bitmap to find set bits is time-consuming,
      as is copying the bitmap to user-space.
      
      A similar issue will be there for live migration when the guest memory
      is huge while the page dirty procedure is trivial.  In that case for
      each dirty sync we need to pull the whole dirty bitmap to userspace
      and analyse every bit even if it's mostly zeros.
      
      The preferred data structure for above scenarios is a dense list of
      guest frame numbers (GFN).  This patch series stores the dirty list in
      kernel memory that can be memory mapped into userspace to allow speedy
      harvesting.
      
      This patch enables dirty ring for X86 only.  However it should be
      easily extended to other archs as well.
      
      [1] https://patchwork.kernel.org/patch/10471409/Signed-off-by: NLei Cao <lei.cao@stratus.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NPeter Xu <peterx@redhat.com>
      Message-Id: <20201001012222.5767-1-peterx@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      fb04a1ed
    • V
      KVM: x86: hyper-v: allow KVM_GET_SUPPORTED_HV_CPUID as a system ioctl · c21d54f0
      Vitaly Kuznetsov 提交于
      KVM_GET_SUPPORTED_HV_CPUID is a vCPU ioctl but its output is now
      independent from vCPU and in some cases VMMs may want to use it as a system
      ioctl instead. In particular, QEMU doesn CPU feature expansion before any
      vCPU gets created so KVM_GET_SUPPORTED_HV_CPUID can't be used.
      
      Convert KVM_GET_SUPPORTED_HV_CPUID to 'dual' system/vCPU ioctl with the
      same meaning.
      Signed-off-by: NVitaly Kuznetsov <vkuznets@redhat.com>
      Message-Id: <20200929150944.1235688-2-vkuznets@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      c21d54f0
  13. 08 11月, 2020 2 次提交
  14. 22 10月, 2020 3 次提交
    • O
      kvm: x86: only provide PV features if enabled in guest's CPUID · 66570e96
      Oliver Upton 提交于
      KVM unconditionally provides PV features to the guest, regardless of the
      configured CPUID. An unwitting guest that doesn't check
      KVM_CPUID_FEATURES before use could access paravirt features that
      userspace did not intend to provide. Fix this by checking the guest's
      CPUID before performing any paravirtual operations.
      
      Introduce a capability, KVM_CAP_ENFORCE_PV_FEATURE_CPUID, to gate the
      aforementioned enforcement. Migrating a VM from a host w/o this patch to
      a host with this patch could silently change the ABI exposed to the
      guest, warranting that we default to the old behavior and opt-in for
      the new one.
      Reviewed-by: NJim Mattson <jmattson@google.com>
      Reviewed-by: NPeter Shier <pshier@google.com>
      Signed-off-by: NOliver Upton <oupton@google.com>
      Change-Id: I202a0926f65035b872bfe8ad15307c026de59a98
      Message-Id: <20200818152429.1923996-4-oupton@google.com>
      Reviewed-by: NWanpeng Li <wanpengli@tencent.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      66570e96
    • P
      KVM: VMX: Forbid userspace MSR filters for x2APIC · 043248b3
      Paolo Bonzini 提交于
      Allowing userspace to intercept reads to x2APIC MSRs when APICV is
      fully enabled for the guest simply can't work.   But more in general,
      the LAPIC could be set to in-kernel after the MSR filter is setup
      and allowing accesses by userspace would be very confusing.
      
      We could in principle allow userspace to intercept reads and writes to TPR,
      and writes to EOI and SELF_IPI, but while that could be made it work, it
      would still be silly.
      
      Cc: Alexander Graf <graf@amazon.com>
      Cc: Aaron Lewis <aaronlewis@google.com>
      Cc: Peter Xu <peterx@redhat.com>
      Cc: Sean Christopherson <sean.j.christopherson@intel.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      043248b3
    • S
      KVM: VMX: Ignore userspace MSR filters for x2APIC · 9389b9d5
      Sean Christopherson 提交于
      Rework the resetting of the MSR bitmap for x2APIC MSRs to ignore userspace
      filtering.  Allowing userspace to intercept reads to x2APIC MSRs when
      APICV is fully enabled for the guest simply can't work; the LAPIC and thus
      virtual APIC is in-kernel and cannot be directly accessed by userspace.
      To keep things simple we will in fact forbid intercepting x2APIC MSRs
      altogether, independent of the default_allow setting.
      
      Cc: Alexander Graf <graf@amazon.com>
      Cc: Aaron Lewis <aaronlewis@google.com>
      Cc: Peter Xu <peterx@redhat.com>
      Signed-off-by: NSean Christopherson <sean.j.christopherson@intel.com>
      Message-Id: <20201005195532.8674-3-sean.j.christopherson@intel.com>
      [Modified to operate even if APICv is disabled, adjust documentation. - Paolo]
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      9389b9d5
  15. 28 9月, 2020 3 次提交
    • A
      KVM: x86: Introduce MSR filtering · 1a155254
      Alexander Graf 提交于
      It's not desireable to have all MSRs always handled by KVM kernel space. Some
      MSRs would be useful to handle in user space to either emulate behavior (like
      uCode updates) or differentiate whether they are valid based on the CPU model.
      
      To allow user space to specify which MSRs it wants to see handled by KVM,
      this patch introduces a new ioctl to push filter rules with bitmaps into
      KVM. Based on these bitmaps, KVM can then decide whether to reject MSR access.
      With the addition of KVM_CAP_X86_USER_SPACE_MSR it can also deflect the
      denied MSR events to user space to operate on.
      
      If no filter is populated, MSR handling stays identical to before.
      Signed-off-by: NAlexander Graf <graf@amazon.com>
      
      Message-Id: <20200925143422.21718-8-graf@amazon.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      1a155254
    • A
      KVM: x86: Allow deflecting unknown MSR accesses to user space · 1ae09954
      Alexander Graf 提交于
      MSRs are weird. Some of them are normal control registers, such as EFER.
      Some however are registers that really are model specific, not very
      interesting to virtualization workloads, and not performance critical.
      Others again are really just windows into package configuration.
      
      Out of these MSRs, only the first category is necessary to implement in
      kernel space. Rarely accessed MSRs, MSRs that should be fine tunes against
      certain CPU models and MSRs that contain information on the package level
      are much better suited for user space to process. However, over time we have
      accumulated a lot of MSRs that are not the first category, but still handled
      by in-kernel KVM code.
      
      This patch adds a generic interface to handle WRMSR and RDMSR from user
      space. With this, any future MSR that is part of the latter categories can
      be handled in user space.
      
      Furthermore, it allows us to replace the existing "ignore_msrs" logic with
      something that applies per-VM rather than on the full system. That way you
      can run productive VMs in parallel to experimental ones where you don't care
      about proper MSR handling.
      Signed-off-by: NAlexander Graf <graf@amazon.com>
      Reviewed-by: NJim Mattson <jmattson@google.com>
      
      Message-Id: <20200925143422.21718-3-graf@amazon.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      1ae09954
    • V
      KVM: x86: hyper-v: Mention SynDBG CPUID leaves in api.rst · b44f50d8
      Vitaly Kuznetsov 提交于
      We forgot to update KVM_GET_SUPPORTED_HV_CPUID's documentation in api.rst
      when SynDBG leaves were added.
      
      While on it, fix 'KVM_GET_SUPPORTED_CPUID' copy-paste error.
      
      Fixes: f97f5a56 ("x86/kvm/hyper-v: Add support for synthetic debugger interface")
      Signed-off-by: NVitaly Kuznetsov <vkuznets@redhat.com>
      Message-Id: <20200924145757.1035782-2-vkuznets@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      b44f50d8
  16. 14 9月, 2020 1 次提交
  17. 11 9月, 2020 1 次提交
  18. 10 9月, 2020 1 次提交
  19. 21 8月, 2020 2 次提交
  20. 22 7月, 2020 1 次提交
  21. 13 7月, 2020 1 次提交
  22. 10 7月, 2020 1 次提交
  23. 09 7月, 2020 2 次提交
  24. 06 7月, 2020 1 次提交
  25. 01 6月, 2020 2 次提交