From mboxrd@z Thu Jan 1 00:00:00 1970 From: Paul Mackerras Date: Thu, 19 Mar 2020 23:17:13 +0000 Subject: Re: [PATCH] KVM: PPC: Book3S HV: Add a capability for enabling secure guests Message-Id: <20200319231713.GA3260@blackberry> List-Id: References: <20200319043301.GA13052@blackberry> <20200319194108.GB5563@oc0525413822.ibm.com> In-Reply-To: <20200319194108.GB5563@oc0525413822.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Ram Pai Cc: kvm@vger.kernel.org, kvm-ppc@vger.kernel.org, David Gibson On Thu, Mar 19, 2020 at 12:41:08PM -0700, Ram Pai wrote: > On Thu, Mar 19, 2020 at 03:33:01PM +1100, Paul Mackerras wrote: [snip] > > --- a/arch/powerpc/kvm/powerpc.c > > +++ b/arch/powerpc/kvm/powerpc.c > > @@ -670,6 +670,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) > > (hv_enabled && cpu_has_feature(CPU_FTR_P9_TM_HV_ASSIST)); > > break; > > #endif > > +#if defined(CONFIG_KVM_BOOK3S_HV_POSSIBLE) && defined(CONFIG_PPC_UV) > > + case KVM_CAP_PPC_SECURE_GUEST: > > + r = hv_enabled && !!firmware_has_feature(FW_FEATURE_ULTRAVISOR); > > We also need to check if the kvmppc_uvmem_init() has been successfully > called and initialized. > > r = hv_enabled && !!firmware_has_feature(FW_FEATURE_ULTRAVISOR) > && kvmppc_uvmem_bitmap; Well I can't do that exactly because kvmppc_uvmem_bitmap is in a different module (the kvm_hv module, whereas this code is in the kvm module), and I wouldn't want to depend on kvmppc_uvmem_bitmap, since that's an internal implementation detail. The firmware_has_feature(FW_FEATURE_ULTRAVISOR) test ultimately depends on there being a device tree node with "ibm,ultravisor" in its compatible property (see early_init_dt_scan_ultravisor()). So that means there is an ultravisor there. The cases where that test would pass but kvmppc_uvmem_bitmap = NULL would be those where the device tree nodes are present but not right, or where the host is so short of memory that it couldn't allocate the kvmppc_uvmem_bitmap. If you think those cases are worth worrying about then I will have to devise a way to do the test without depending on any symbols from the kvm-hv module. Paul.