From: Paul Mackerras <paulus@ozlabs.org>
To: Ram Pai <linuxram@us.ibm.com>
Cc: kvm@vger.kernel.org, kvm-ppc@vger.kernel.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH] KVM: PPC: Book3S HV: Add a capability for enabling secure guests
Date: Thu, 19 Mar 2020 23:17:13 +0000 [thread overview]
Message-ID: <20200319231713.GA3260@blackberry> (raw)
In-Reply-To: <20200319194108.GB5563@oc0525413822.ibm.com>
On Thu, Mar 19, 2020 at 12:41:08PM -0700, Ram Pai wrote:
> On Thu, Mar 19, 2020 at 03:33:01PM +1100, Paul Mackerras wrote:
[snip]
> > --- a/arch/powerpc/kvm/powerpc.c
> > +++ b/arch/powerpc/kvm/powerpc.c
> > @@ -670,6 +670,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
> > (hv_enabled && cpu_has_feature(CPU_FTR_P9_TM_HV_ASSIST));
> > break;
> > #endif
> > +#if defined(CONFIG_KVM_BOOK3S_HV_POSSIBLE) && defined(CONFIG_PPC_UV)
> > + case KVM_CAP_PPC_SECURE_GUEST:
> > + r = hv_enabled && !!firmware_has_feature(FW_FEATURE_ULTRAVISOR);
>
> We also need to check if the kvmppc_uvmem_init() has been successfully
> called and initialized.
>
> r = hv_enabled && !!firmware_has_feature(FW_FEATURE_ULTRAVISOR)
> && kvmppc_uvmem_bitmap;
Well I can't do that exactly because kvmppc_uvmem_bitmap is in a
different module (the kvm_hv module, whereas this code is in the kvm
module), and I wouldn't want to depend on kvmppc_uvmem_bitmap, since
that's an internal implementation detail.
The firmware_has_feature(FW_FEATURE_ULTRAVISOR) test ultimately
depends on there being a device tree node with "ibm,ultravisor" in its
compatible property (see early_init_dt_scan_ultravisor()). So that
means there is an ultravisor there. The cases where that test would
pass but kvmppc_uvmem_bitmap = NULL would be those where the device
tree nodes are present but not right, or where the host is so short of
memory that it couldn't allocate the kvmppc_uvmem_bitmap. If you
think those cases are worth worrying about then I will have to devise
a way to do the test without depending on any symbols from the kvm-hv
module.
Paul.
WARNING: multiple messages have this Message-ID (diff)
From: Paul Mackerras <paulus@ozlabs.org>
To: Ram Pai <linuxram@us.ibm.com>
Cc: kvm@vger.kernel.org, kvm-ppc@vger.kernel.org,
David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH] KVM: PPC: Book3S HV: Add a capability for enabling secure guests
Date: Fri, 20 Mar 2020 10:17:13 +1100 [thread overview]
Message-ID: <20200319231713.GA3260@blackberry> (raw)
In-Reply-To: <20200319194108.GB5563@oc0525413822.ibm.com>
On Thu, Mar 19, 2020 at 12:41:08PM -0700, Ram Pai wrote:
> On Thu, Mar 19, 2020 at 03:33:01PM +1100, Paul Mackerras wrote:
[snip]
> > --- a/arch/powerpc/kvm/powerpc.c
> > +++ b/arch/powerpc/kvm/powerpc.c
> > @@ -670,6 +670,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
> > (hv_enabled && cpu_has_feature(CPU_FTR_P9_TM_HV_ASSIST));
> > break;
> > #endif
> > +#if defined(CONFIG_KVM_BOOK3S_HV_POSSIBLE) && defined(CONFIG_PPC_UV)
> > + case KVM_CAP_PPC_SECURE_GUEST:
> > + r = hv_enabled && !!firmware_has_feature(FW_FEATURE_ULTRAVISOR);
>
> We also need to check if the kvmppc_uvmem_init() has been successfully
> called and initialized.
>
> r = hv_enabled && !!firmware_has_feature(FW_FEATURE_ULTRAVISOR)
> && kvmppc_uvmem_bitmap;
Well I can't do that exactly because kvmppc_uvmem_bitmap is in a
different module (the kvm_hv module, whereas this code is in the kvm
module), and I wouldn't want to depend on kvmppc_uvmem_bitmap, since
that's an internal implementation detail.
The firmware_has_feature(FW_FEATURE_ULTRAVISOR) test ultimately
depends on there being a device tree node with "ibm,ultravisor" in its
compatible property (see early_init_dt_scan_ultravisor()). So that
means there is an ultravisor there. The cases where that test would
pass but kvmppc_uvmem_bitmap == NULL would be those where the device
tree nodes are present but not right, or where the host is so short of
memory that it couldn't allocate the kvmppc_uvmem_bitmap. If you
think those cases are worth worrying about then I will have to devise
a way to do the test without depending on any symbols from the kvm-hv
module.
Paul.
next prev parent reply other threads:[~2020-03-19 23:17 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-19 4:33 [PATCH] KVM: PPC: Book3S HV: Add a capability for enabling secure guests Paul Mackerras
2020-03-19 4:33 ` Paul Mackerras
2020-03-19 16:30 ` Greg Kurz
2020-03-19 16:30 ` Greg Kurz
2020-03-19 17:44 ` Fabiano Rosas
2020-03-19 17:44 ` Fabiano Rosas
2020-03-19 17:52 ` Cédric Le Goater
2020-03-19 17:52 ` Cédric Le Goater
2020-03-19 19:41 ` Ram Pai
2020-03-19 19:41 ` Ram Pai
2020-03-19 23:17 ` Paul Mackerras [this message]
2020-03-19 23:17 ` Paul Mackerras
2020-03-20 1:20 ` Ram Pai
2020-03-20 1:20 ` Ram Pai
2020-03-23 3:18 ` David Gibson
2020-03-23 3:18 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200319231713.GA3260@blackberry \
--to=paulus@ozlabs.org \
--cc=david@gibson.dropbear.id.au \
--cc=kvm-ppc@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linuxram@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.