From: Sean Christopherson <seanjc@google.com>
To: Zack Rusin <zack.rusin@broadcom.com>
Cc: linux-kernel@vger.kernel.org,
Doug Covelli <doug.covelli@broadcom.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Jonathan Corbet <corbet@lwn.net>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
kvm@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH v2 2/5] KVM: x86: Allow enabling of the vmware backdoor via a cap
Date: Wed, 23 Jul 2025 11:06:37 -0700 [thread overview]
Message-ID: <aIEkrc7Mdf2ia1Mm@google.com> (raw)
In-Reply-To: <20250422161304.579394-3-zack.rusin@broadcom.com>
On Tue, Apr 22, 2025, Zack Rusin wrote:
> @@ -6735,6 +6734,19 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
> mutex_unlock(&kvm->lock);
> break;
> }
> +#ifdef CONFIG_KVM_VMWARE
> + case KVM_CAP_X86_VMWARE_BACKDOOR:
I much perfer using a single KVM_CAP_X86_VMWARE capability. More below.
> + r = -EINVAL;
> + if (cap->args[0] & ~1)
Using bit 0 for "enable" needs to be #defined arch/x86/include/uapi/asm/kvm.h.
At that point, adding more capabilities for the other VMware functionality doesn't
make much sense, especially since the capabilities that are added in later patches
don't have the kvm->created_vcpus protection, i.e. are likely buggy.
E.g. with the below diff (completely untested, probably won't apply cleanly?)
spread across three-ish patches, the accessors can be:
static inline bool kvm_is_vmware_cap_enabled(struct kvm *kvm, u64 cap)
{
return kvm->arch.vmware.caps & cap;
}
static inline bool kvm_is_vmware_backdoor_enabled(struct kvm_vcpu *vcpu)
{
return kvm_is_vmware_cap_enabled(kvm, KVM_VMWARE_ENABLE_BACKDOOR);
}
static inline bool kvm_is_vmware_hypercall_enabled(struct kvm *kvm)
{
return kvm_is_vmware_cap_enabled(kvm, KVM_VMWARE_ENABLE_HYPERCALL);
}
static inline bool kvm_vmware_nested_backdoor_l0_enabled(struct kvm *kvm)
{
return kvm_is_vmware_backdoor_enabled(kvm) &&
kvm_is_vmware_cap_enabled(kvm, KVM_VMWARE_ENABLE_NESTED_BACKDOOR);
}
---
arch/x86/include/asm/kvm_host.h | 4 +---
arch/x86/include/uapi/asm/kvm.h | 4 ++++
arch/x86/kvm/x86.c | 34 ++++++++++++---------------------
3 files changed, 17 insertions(+), 25 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 639c49db0106..1433cdd14675 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1219,9 +1219,7 @@ struct kvm_xen {
#ifdef CONFIG_KVM_VMWARE
/* VMware emulation context */
struct kvm_vmware {
- bool backdoor_enabled;
- bool hypercall_enabled;
- bool nested_backdoor_l0_enabled;
+ u64 caps;
};
#endif
diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index e019111e2150..ae578422d6f4 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -1013,4 +1013,8 @@ struct kvm_tdx_init_mem_region {
__u64 nr_pages;
};
+#define KVM_VMWARE_ENABLE_BACKDOOR _BITULL(0)
+#define KVM_VMWARE_ENABLE_HYPERCALL _BITULL(1)
+#define KVM_VMWARE_ENABLE_NESTED_BACKDOOR _BITULL(2)
+
#endif /* _ASM_X86_KVM_H */
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 7234333a92d8..b9e2faf0ceb7 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -126,6 +126,10 @@ static u64 __read_mostly efer_reserved_bits = ~((u64)EFER_SCE);
#define KVM_X2APIC_API_VALID_FLAGS (KVM_X2APIC_API_USE_32BIT_IDS | \
KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK)
+#define KVM_CAP_VMWARE_VALID_MASK (KVM_VMWARE_CAP_ENABLE_BACKDOOR | \
+ KVM_VMWARE_ENABLE_HYPERCALL | \
+ KVM_VMWARE_ENABLE_NESTED_BACKDOOR)
+
static void update_cr8_intercept(struct kvm_vcpu *vcpu);
static void process_nmi(struct kvm_vcpu *vcpu);
static void __kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
@@ -4708,11 +4712,6 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
case KVM_CAP_IRQFD_RESAMPLE:
case KVM_CAP_MEMORY_FAULT_INFO:
case KVM_CAP_X86_GUEST_MODE:
-#ifdef CONFIG_KVM_VMWARE
- case KVM_CAP_X86_VMWARE_BACKDOOR:
- case KVM_CAP_X86_VMWARE_HYPERCALL:
- case KVM_CAP_X86_VMWARE_NESTED_BACKDOOR_L0:
-#endif
r = 1;
break;
case KVM_CAP_PRE_FAULT_MEMORY:
@@ -4836,6 +4835,10 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
case KVM_CAP_READONLY_MEM:
r = kvm ? kvm_arch_has_readonly_mem(kvm) : 1;
break;
+#ifdef CONFIG_KVM_VMWARE
+ case KVM_CAP_X86_VMWARE:
+ return KVM_CAP_VMWARE_VALID_MASK;
+#endif
default:
break;
}
@@ -6669,31 +6672,18 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
break;
}
#ifdef CONFIG_KVM_VMWARE
- case KVM_CAP_X86_VMWARE_BACKDOOR:
+ case KVM_CAP_X86_VMWARE:
r = -EINVAL;
- if (cap->args[0] & ~1)
+ if (cap->args[0] & ~KVM_CAP_VMWARE_VALID_MASK)
break;
+
mutex_lock(&kvm->lock);
if (!kvm->created_vcpus) {
- kvm->arch.vmware.backdoor_enabled = cap->args[0];
+ kvm->arch.vmware.caps = cap->args[0];
r = 0;
}
mutex_unlock(&kvm->lock);
break;
- case KVM_CAP_X86_VMWARE_HYPERCALL:
- r = -EINVAL;
- if (cap->args[0] & ~1)
- break;
- kvm->arch.vmware.hypercall_enabled = cap->args[0];
- r = 0;
- break;
- case KVM_CAP_X86_VMWARE_NESTED_BACKDOOR_L0:
- r = -EINVAL;
- if (cap->args[0] & ~1)
- break;
- kvm->arch.vmware.nested_backdoor_l0_enabled = cap->args[0];
- r = 0;
- break;
#endif
default:
r = -EINVAL;
base-commit: 77a53b6f5d1c2dabef34d890d212910ed1f43bcb
--
next prev parent reply other threads:[~2025-07-23 18:06 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-22 16:12 [PATCH v2 0/5] KVM: Improve VMware guest support Zack Rusin
2025-04-22 16:12 ` [PATCH v2 1/5] KVM: x86: Centralize KVM's VMware code Zack Rusin
2025-04-22 16:58 ` Francesco Lavra
2025-07-23 17:48 ` Sean Christopherson
[not found] ` <CABQX2QMj=7HnTqCsKHpcypyfNsMYumYM7NH_jpUvMbgbTH=ZXg@mail.gmail.com>
2025-07-23 18:55 ` Sean Christopherson
2025-04-22 16:12 ` [PATCH v2 2/5] KVM: x86: Allow enabling of the vmware backdoor via a cap Zack Rusin
2025-07-23 18:06 ` Sean Christopherson [this message]
2025-04-22 16:12 ` [PATCH v2 3/5] KVM: x86: Add support for VMware guest specific hypercalls Zack Rusin
2025-07-23 18:14 ` Sean Christopherson
2025-04-22 16:12 ` [PATCH v2 4/5] KVM: x86: Add support for legacy VMware backdoors in nested setups Zack Rusin
2025-04-23 7:56 ` Xin Li
2025-04-23 11:43 ` Zack Rusin
2025-04-23 13:31 ` Sean Christopherson
2025-04-23 15:36 ` Zack Rusin
2025-04-23 15:54 ` Sean Christopherson
2025-04-23 16:58 ` Zack Rusin
2025-04-23 17:16 ` Sean Christopherson
2025-04-23 17:25 ` Zack Rusin
2025-04-23 18:57 ` Sean Christopherson
2025-04-23 20:01 ` Zack Rusin
2025-07-23 18:19 ` Sean Christopherson
2025-04-22 16:12 ` [PATCH v2 5/5] KVM: selftests: x86: Add a test for KVM_CAP_X86_VMWARE_HYPERCALL Zack Rusin
2025-07-23 18:21 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aIEkrc7Mdf2ia1Mm@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=doug.covelli@broadcom.com \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=zack.rusin@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).