Re: [PATCH v2 08/13] KVM: arm64: Add support for KVM_EXIT_HYPERCALL

[Oliver Upton <oliver.upton@linux.dev>]

On Fri, Mar 31, 2023 at 06:10:52PM +0100, Marc Zyngier wrote:
> On Thu, 30 Mar 2023 16:49:13 +0100,
> Oliver Upton <oliver.upton@linux.dev> wrote:
> > 
> > In anticipation of user hypercall filters, add the necessary plumbing to
> > get SMCCC calls out to userspace. Even though the exit structure has
> > space for KVM to pass register arguments, let's just avoid it altogether
> > and let userspace poke at the registers via KVM_GET_ONE_REG.
> > 
> > This deliberately stretches the definition of a 'hypercall' to cover
> > SMCs from EL1 in addition to the HVCs we know and love. KVM doesn't
> > support EL1 calls into secure services, but now we can paint that as a
> > userspace problem and be done with it.
> > 
> > Finally, we need a flag to let userspace know what conduit instruction
> > was used (i.e. SMC vs. HVC).
> > 
> > Signed-off-by: Oliver Upton <oliver.upton@linux.dev>
> > ---
> >  Documentation/virt/kvm/api.rst    | 22 ++++++++++++++++++++--
> >  arch/arm64/include/uapi/asm/kvm.h |  4 ++++
> >  arch/arm64/kvm/handle_exit.c      |  4 +++-
> >  arch/arm64/kvm/hypercalls.c       | 17 +++++++++++++++++
> >  4 files changed, 44 insertions(+), 3 deletions(-)
> > 
> > diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
> > index 9b01e3d0e757..c8ab2f730945 100644
> > --- a/Documentation/virt/kvm/api.rst
> > +++ b/Documentation/virt/kvm/api.rst
> > @@ -6221,11 +6221,29 @@ to the byte array.
> >  			__u64 flags;
> >  		} hypercall;
> >  
> > -Unused.  This was once used for 'hypercall to userspace'.  To implement
> > -such functionality, use KVM_EXIT_IO (x86) or KVM_EXIT_MMIO (all except s390).
> > +
> > +It is strongly recommended that userspace use ``KVM_EXIT_IO`` (x86) or
> > +``KVM_EXIT_MMIO`` (all except s390) to implement functionality that
> > +requires a guest to interact with host userpace.
> >  
> >  .. note:: KVM_EXIT_IO is significantly faster than KVM_EXIT_MMIO.
> >  
> > +For arm64:
> > +----------
> > +
> > +SMCCC exits can be enabled depending on the configuration of the SMCCC
> > +filter. See the Documentation/virt/kvm/devices/vm.rst
> > +``KVM_ARM_SMCCC_FILTER`` for more details.
> 
> Maybe this hunk should come with the following patch which actually
> adds that doc.

Heh, you caught me being lazy :) Can do.

> > diff --git a/arch/arm64/kvm/hypercalls.c b/arch/arm64/kvm/hypercalls.c
> > index 73b218ddd1a5..7e8c850847c1 100644
> > --- a/arch/arm64/kvm/hypercalls.c
> > +++ b/arch/arm64/kvm/hypercalls.c
> > @@ -180,6 +180,19 @@ static u8 kvm_smccc_get_action(struct kvm_vcpu *vcpu, u32 func_id)
> >  	return KVM_SMCCC_FILTER_DENY;
> >  }
> >  
> > +static void kvm_prepare_hypercall_exit(struct kvm_vcpu *vcpu, u32 func_id)
> > +{
> > +	u8 ec = ESR_ELx_EC(kvm_vcpu_get_esr(vcpu));
> > +	struct kvm_run *run = vcpu->run;
> > +
> > +	run->exit_reason = KVM_EXIT_HYPERCALL;
> > +	run->hypercall.nr = func_id;
> > +	run->hypercall.flags = 0;
> > +
> > +	if (ec == ESR_ELx_EC_SMC32 || ec == ESR_ELx_EC_SMC64)
> > +		run->hypercall.flags |= KVM_HYPERCALL_EXIT_SMC;
> > +}
> > +
> >  int kvm_smccc_call_handler(struct kvm_vcpu *vcpu)
> >  {
> >  	struct kvm_smccc_features *smccc_feat = &vcpu->kvm->arch.smccc_feat;
> > @@ -192,6 +205,10 @@ int kvm_smccc_call_handler(struct kvm_vcpu *vcpu)
> >  	action = kvm_smccc_get_action(vcpu, func_id);
> >  	if (action == KVM_SMCCC_FILTER_DENY)
> >  		goto out;
> > +	if (action == KVM_SMCCC_FILTER_FWD_TO_USER) {
> > +		kvm_prepare_hypercall_exit(vcpu, func_id);
> > +		return 0;
> > +	}
> 
> nit: maybe write this as a switch statement?

Sure thing. I'll get a new spin on the list sometime in the next day or
two that addresses your feedback. Appreciate the review

-- 
Thanks,
Oliver