* [PATCH 09/60] kvm: Introduce struct kvm_plane
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Paolo Bonzini <pbonzini@redhat.com>
Introduce a data structure to keep VM-wide per-plane state. Initialize
the structure with a back-pointer to struct kvm and the plane level
the structure represents.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 7 +++++++
include/uapi/linux/kvm.h | 6 ++++++
virt/kvm/kvm_main.c | 41 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 54 insertions(+)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 4c14aee1fb06..5be4c9f118b4 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -767,6 +767,11 @@ struct kvm_memslots {
int node_idx;
};
+struct kvm_plane {
+ struct kvm *kvm;
+ unsigned level;
+};
+
struct kvm {
#ifdef KVM_HAVE_MMU_RWLOCK
rwlock_t mmu_lock;
@@ -806,6 +811,8 @@ struct kvm {
spinlock_t gpc_lock;
struct list_head gpc_list;
+ struct kvm_plane *planes[KVM_MAX_PLANES];
+
/*
* created_vcpus is protected by kvm->lock, and is incremented
* at the beginning of KVM_CREATE_VCPU. online_vcpus is only
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 6c8afa2047bf..813f964a6dc1 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -730,6 +730,11 @@ struct kvm_enable_cap {
#define KVM_GET_EMULATED_CPUID _IOWR(KVMIO, 0x09, struct kvm_cpuid2)
#define KVM_GET_MSR_FEATURE_INDEX_LIST _IOWR(KVMIO, 0x0a, struct kvm_msr_list)
+/*
+ * Maximum number of supported planes
+ */
+#define KVM_MAX_PLANES 16
+
/*
* Extension capability list.
*/
@@ -996,6 +1001,7 @@ struct kvm_enable_cap {
#define KVM_CAP_S390_USER_OPEREXEC 246
#define KVM_CAP_S390_KEYOP 247
#define KVM_CAP_S390_VSIE_ESAMODE 248
+#define KVM_CAP_PLANES 249
struct kvm_irq_routing_irqchip {
__u32 irqchip;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 881f92d7a469..a68469c6d12e 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1095,6 +1095,38 @@ static inline struct kvm_io_bus *kvm_get_bus_for_destruction(struct kvm *kvm,
static int kvm_enable_virtualization(void);
static void kvm_disable_virtualization(void);
+static struct kvm_plane *kvm_create_plane(struct kvm *kvm, unsigned plane_level)
+{
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ if (!plane)
+ return NULL;
+
+ plane->kvm = kvm;
+ plane->level = plane_level;
+
+ kvm->planes[plane_level] = plane;
+
+ return plane;
+}
+
+static void kvm_destroy_one_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
+static void kvm_destroy_planes(struct kvm *kvm)
+{
+ int i;
+
+ for (i = 0; i < KVM_MAX_PLANES; ++i) {
+ if (kvm->planes[i] == NULL)
+ continue;
+ kvm_destroy_one_plane(kvm->planes[i]);
+ kvm->planes[i] = NULL;
+ }
+}
+
static struct kvm *kvm_create_vm(unsigned long type, const char *fdname)
{
struct kvm *kvm = kvm_arch_alloc_vm();
@@ -1127,6 +1159,12 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname)
BUILD_BUG_ON(KVM_MEM_SLOTS_NUM > SHRT_MAX);
+ /* Initialize planes array and allocate plane 0 */
+ if (kvm_create_plane(kvm, 0) == NULL) {
+ r = -ENOMEM;
+ goto out_no_planes;
+ }
+
/*
* Force subsequent debugfs file creations to fail if the VM directory
* is not created (by kvm_create_vm_debugfs()).
@@ -1225,6 +1263,8 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname)
out_err_no_irq_srcu:
cleanup_srcu_struct(&kvm->srcu);
out_err_no_srcu:
+ kvm_destroy_planes(kvm);
+out_no_planes:
kvm_arch_free_vm(kvm);
mmdrop(current->mm);
return ERR_PTR(r);
@@ -1304,6 +1344,7 @@ static void kvm_destroy_vm(struct kvm *kvm)
xa_destroy(&kvm->mem_attr_array);
#endif
kvm_arch_free_vm(kvm);
+ kvm_destroy_planes(kvm);
preempt_notifier_dec();
kvm_disable_virtualization();
mmdrop(mm);
--
2.53.0
^ permalink raw reply related
* [PATCH 60/60] kvm: svm: Advertise full multi-VMPL support to the SNP guest
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Tom Lendacky <thomas.lendacky@amd.com>
Indicate full multi-VMPL support to the guest through the GHCB feature
bitmap.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/kvm/svm/sev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 528c8bd3e8fc..0736e1c778d9 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -43,7 +43,8 @@
#define GHCB_HV_FT_SUPPORTED (GHCB_HV_FT_SNP | \
GHCB_HV_FT_SNP_AP_CREATION | \
GHCB_HV_FT_SNP_RINJ | \
- GHCB_HV_FT_APIC_ID_LIST)
+ GHCB_HV_FT_APIC_ID_LIST | \
+ GHCB_HV_FT_SNP_MULTI_VMPL)
/*
* The GHCB spec essentially states that all non-zero error codes other than
--
2.53.0
^ permalink raw reply related
* [PATCH 46/60] kvm: x86: Share MTRR state across planes
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Share the MTRR state across all planes of a given VCPU index.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/include/asm/kvm_host.h | 3 ++-
arch/x86/kvm/mtrr.c | 12 +++++++-----
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index b0d040528f9d..f30173093c44 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -817,6 +817,8 @@ struct kvm_vcpu_arch_common {
*/
u32 cpu_caps[NR_KVM_CPU_CAPS];
+ /* Cache configuration state */
+ struct kvm_mtrr mtrr_state;
};
int kvm_arch_vcpu_common_init(struct kvm_vcpu_common *common);
@@ -994,7 +996,6 @@ struct kvm_vcpu_arch {
bool smi_pending; /* SMI queued after currently running handler */
u8 handling_intr_from_guest;
- struct kvm_mtrr mtrr_state;
u64 pat;
unsigned switch_db_regs;
diff --git a/arch/x86/kvm/mtrr.c b/arch/x86/kvm/mtrr.c
index 6f74e2b27c1e..610ff975e022 100644
--- a/arch/x86/kvm/mtrr.c
+++ b/arch/x86/kvm/mtrr.c
@@ -23,18 +23,20 @@
static u64 *find_mtrr(struct kvm_vcpu *vcpu, unsigned int msr)
{
+ struct kvm_vcpu_common *common = vcpu->common;
+
int index;
switch (msr) {
case MTRRphysBase_MSR(0) ... MTRRphysMask_MSR(KVM_NR_VAR_MTRR - 1):
index = msr - MTRRphysBase_MSR(0);
- return &vcpu->arch.mtrr_state.var[index];
+ return &common->arch.mtrr_state.var[index];
case MSR_MTRRfix64K_00000:
- return &vcpu->arch.mtrr_state.fixed_64k;
+ return &common->arch.mtrr_state.fixed_64k;
case MSR_MTRRfix16K_80000:
case MSR_MTRRfix16K_A0000:
index = msr - MSR_MTRRfix16K_80000;
- return &vcpu->arch.mtrr_state.fixed_16k[index];
+ return &common->arch.mtrr_state.fixed_16k[index];
case MSR_MTRRfix4K_C0000:
case MSR_MTRRfix4K_C8000:
case MSR_MTRRfix4K_D0000:
@@ -44,9 +46,9 @@ static u64 *find_mtrr(struct kvm_vcpu *vcpu, unsigned int msr)
case MSR_MTRRfix4K_F0000:
case MSR_MTRRfix4K_F8000:
index = msr - MSR_MTRRfix4K_C0000;
- return &vcpu->arch.mtrr_state.fixed_4k[index];
+ return &common->arch.mtrr_state.fixed_4k[index];
case MSR_MTRRdefType:
- return &vcpu->arch.mtrr_state.deftype;
+ return &common->arch.mtrr_state.deftype;
default:
break;
}
--
2.53.0
^ permalink raw reply related
* [PATCH 32/60] kvm: Allocate struct kvm_run only for struct kvm_vcpu_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Paolo Bonzini <pbonzini@redhat.com>
Share the struct kvm_run across all planes for one VCPU id.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 3 +++
virt/kvm/kvm_main.c | 29 ++++++++++++++++-------------
2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 55e3e9046975..385e1ee8fd3a 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -327,6 +327,9 @@ struct kvm_mmio_fragment {
struct kvm_vcpu_common {
struct kvm *kvm;
+ /* kvm_run struct shared across all planes */
+ struct kvm_run *run;
+
int vcpu_idx; /* index into kvm->planes[]->vcpu_array */
/* Currently active VCPU */
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 4f2c8f46a0d3..2d0d5f4fd356 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -441,6 +441,7 @@ void *kvm_mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned long id)
{
struct kvm_vcpu_common *common __free(kfree) = kzalloc(sizeof(*common), GFP_KERNEL_ACCOUNT);
+ struct page *page;
int r;
/*
@@ -466,6 +467,14 @@ static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned
common->vcpu_idx = atomic_read(&kvm->online_vcpus);
+ BUILD_BUG_ON(sizeof(struct kvm_run) > PAGE_SIZE);
+ page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
+ if (!page) {
+ r = -ENOMEM;
+ goto out_drop_counter;
+ }
+ common->run = page_address(page);
+
mutex_init(&common->mutex);
#ifndef __KVM_HAVE_ARCH_WQP
@@ -487,7 +496,7 @@ static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned
r = kvm_dirty_ring_alloc(kvm, &common->dirty_ring,
id, kvm->dirty_ring_size);
if (r)
- goto out_drop_counter;
+ goto out_free_run;
}
r = kvm_arch_vcpu_common_init(common);
@@ -503,6 +512,8 @@ static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned
out_free_dirty_ring:
kvm_dirty_ring_free(&common->dirty_ring);
+out_free_run:
+ free_page((unsigned long)common->run);
out_drop_counter:
mutex_lock(&kvm->lock);
kvm->created_vcpus--;
@@ -546,6 +557,7 @@ static void kvm_vcpu_common_destroy(struct kvm_vcpu *vcpu)
struct kvm *kvm = common->kvm;
vcpu->common = NULL;
+ vcpu->run = NULL;
if (vcpu->plane_level != 0)
return;
@@ -563,6 +575,7 @@ static void kvm_vcpu_common_destroy(struct kvm_vcpu *vcpu)
*/
put_pid(common->pid);
kvm_dirty_ring_free(&common->dirty_ring);
+ free_page((unsigned long)common->run);
kfree(common);
}
@@ -4337,7 +4350,6 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
{
int r = -EINVAL;
struct kvm_vcpu *vcpu;
- struct page *page;
mutex_lock(&kvm->lock);
if (kvm->created_vcpus >= kvm->max_vcpus) {
@@ -4359,20 +4371,13 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
goto vcpu_free;
vcpu->vcpu_idx = vcpu->common->vcpu_idx;
-
- BUILD_BUG_ON(sizeof(struct kvm_run) > PAGE_SIZE);
- page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
- if (!page) {
- r = -ENOMEM;
- goto vcpu_free_common;
- }
- vcpu->run = page_address(page);
+ vcpu->run = vcpu->common->run;
kvm_vcpu_init(vcpu, kvm, id);
r = kvm_arch_vcpu_create(vcpu);
if (r)
- goto vcpu_free_run_page;
+ goto vcpu_free_common;
mutex_lock(&kvm->lock);
@@ -4415,8 +4420,6 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
unlock_vcpu_destroy:
mutex_unlock(&kvm->lock);
kvm_arch_vcpu_destroy(vcpu);
-vcpu_free_run_page:
- free_page((unsigned long)vcpu->run);
vcpu_free_common:
kvm_vcpu_common_destroy(vcpu);
vcpu_free:
--
2.53.0
^ permalink raw reply related
* [PATCH 01/60] x86/sev: Define the #HV doorbell page structure
From: Jörg Rödel @ 2026-06-08 14:41 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Melody Wang <huibo.wang@amd.com>
Restricted injection is a feature which enforces additional interrupt and
event injection security protections for a SEV-SNP guest. It disables all
hypervisor-based interrupt queuing and event injection of all vectors except
a new exception vector, #HV (28), which is reserved for SNP guest use, but
never generated by hardware. #HV is only allowed to be injected into VMSAs
that execute with Restricted Injection.
The guests running with the SNP restricted injection feature active limit the
host to ringing a doorbell with a #HV exception.
Define two fields in the #HV doorbell page: a pending event field, and an EOI
assist.
Create the structure definition for the #HV doorbell page as per GHCB
specification.
Co-developed-by: Thomas Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Melody Wang <huibo.wang@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/include/asm/svm.h | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index bcfeb5e7c0ed..9822b0b346ae 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -252,6 +252,39 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
#define SVM_TSC_RATIO_MAX 0x000000ffffffffffULL
#define SVM_TSC_RATIO_DEFAULT 0x0100000000ULL
+/*
+ * Hypervisor doorbell page:
+ *
+ * Used when Restricted Injection is enabled for a VM. One page in size that
+ * is shared between the guest and hypervisor to communicate exception and
+ * interrupt events.
+ */
+struct hvdb_events {
+ /* First 64 bytes of HV doorbell page defined in GHCB specification */
+ union {
+ struct {
+ /* Non-maskable event indicators */
+ u16 vector: 8,
+ nmi: 1,
+ mce: 1,
+ reserved2: 5,
+ no_further_signal: 1;
+ };
+
+ u16 pending_events;
+ };
+
+ u8 no_eoi_required;
+
+ u8 reserved3[61];
+};
+
+struct hvdb {
+ struct hvdb_events events;
+
+ /* Remainder of the page is for software use */
+ u8 reserved[PAGE_SIZE - sizeof(struct hvdb_events)];
+};
/* AVIC */
#define AVIC_LOGICAL_ID_ENTRY_GUEST_PHYSICAL_ID_MASK (0xFFULL)
--
2.53.0
^ permalink raw reply related
* [PATCH 29/60] kvm: Implement KVM_CREATE_PLANE ioctl
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Paolo Bonzini <pbonzini@redhat.com>
Add a new VM ioctl to create a new plane. It returns a new file
descriptor which supports per-plane ioctls.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/uapi/linux/kvm.h | 2 ++
virt/kvm/kvm_main.c | 75 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 77 insertions(+)
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 813f964a6dc1..24e34b8e4819 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1355,6 +1355,8 @@ struct kvm_s390_keyop {
#define KVM_GET_DEVICE_ATTR _IOW(KVMIO, 0xe2, struct kvm_device_attr)
#define KVM_HAS_DEVICE_ATTR _IOW(KVMIO, 0xe3, struct kvm_device_attr)
+#define KVM_CREATE_PLANE _IO(KVMIO, 0xe4)
+
/*
* ioctls for vcpu fds
*/
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 5a0277e2ac7c..03a44ff62f0f 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -4843,6 +4843,34 @@ static long kvm_vcpu_compat_ioctl(struct file *filp,
}
#endif
+static long kvm_plane_ioctl(struct file *filp, unsigned int ioctl,
+ unsigned long arg)
+{
+ struct kvm_plane *plane = filp->private_data;
+
+ if (plane->kvm->mm != current->mm || plane->kvm->vm_dead)
+ return -EIO;
+
+ switch (ioctl) {
+ default:
+ return -ENOTTY;
+ }
+}
+
+static int kvm_plane_release(struct inode *inode, struct file *filp)
+{
+ struct kvm_plane *plane = filp->private_data;
+
+ kvm_put_kvm(plane->kvm);
+ return 0;
+}
+
+static struct file_operations kvm_plane_fops = {
+ .unlocked_ioctl = kvm_plane_ioctl,
+ .release = kvm_plane_release,
+ KVM_COMPAT(kvm_plane_ioctl),
+};
+
static int kvm_device_mmap(struct file *filp, struct vm_area_struct *vma)
{
struct kvm_device *dev = filp->private_data;
@@ -5288,6 +5316,49 @@ static int kvm_vm_ioctl_get_stats_fd(struct kvm *kvm)
return fd;
}
+static int kvm_vm_ioctl_create_plane(struct kvm *kvm, unsigned id)
+{
+ struct kvm_plane *plane;
+ struct file *file;
+ int r, fd;
+
+ if (id >= kvm_arch_max_planes(kvm) ||
+ WARN_ON_ONCE(id >= KVM_MAX_PLANES))
+ return -EINVAL;
+
+ guard(mutex)(&kvm->lock);
+ if (kvm->planes[id])
+ return -EEXIST;
+
+ fd = get_unused_fd_flags(O_CLOEXEC);
+ if (fd < 0)
+ return fd;
+
+ plane = kvm_create_plane(kvm, id);
+ if (!plane) {
+ r = -ENOMEM;
+ goto put_fd;
+ }
+
+ kvm_get_kvm(kvm);
+ file = anon_inode_getfile("kvm-plane", &kvm_plane_fops, plane, O_RDWR);
+ if (IS_ERR(file)) {
+ r = PTR_ERR(file);
+ goto put_kvm;
+ }
+
+ fd_install(fd, file);
+ return fd;
+
+put_kvm:
+ kvm_put_kvm(kvm);
+ kvm_destroy_one_plane(plane);
+put_fd:
+ put_unused_fd(fd);
+ return r;
+}
+
+
#define SANITY_CHECK_MEM_REGION_FIELD(field) \
do { \
BUILD_BUG_ON(offsetof(struct kvm_userspace_memory_region, field) != \
@@ -5306,6 +5377,9 @@ static long kvm_vm_ioctl(struct file *filp,
if (kvm->mm != current->mm || kvm->vm_dead)
return -EIO;
switch (ioctl) {
+ case KVM_CREATE_PLANE:
+ r = kvm_vm_ioctl_create_plane(kvm, arg);
+ break;
case KVM_CREATE_VCPU:
r = kvm_vm_ioctl_create_vcpu(kvm, arg);
break;
@@ -6676,6 +6750,7 @@ int kvm_init(unsigned vcpu_size, unsigned vcpu_align, struct module *module)
kvm_chardev_ops.owner = module;
kvm_vm_fops.owner = module;
kvm_vcpu_fops.owner = module;
+ kvm_plane_fops.owner = module;
kvm_device_fops.owner = module;
kvm_preempt_ops.sched_in = kvm_sched_in;
--
2.53.0
^ permalink raw reply related
* [PATCH 34/60] kvm: Keep track of plane VCPUs in struct kvm_vcpu_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Introduce an array which keeps track of per-plane VCPU instances for a
single VCPU index. This is a short-cut to not always tranverse the
xarrays on plane switches.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 6 ++++++
virt/kvm/kvm_main.c | 3 +++
2 files changed, 9 insertions(+)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index b8c3f8f11cb4..5c3f9dfa15ea 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -335,6 +335,8 @@ struct kvm_vcpu_common {
/* Currently active VCPU */
struct kvm_vcpu *current_vcpu;
+ struct kvm_vcpu *vcpus[KVM_MAX_PLANES];
+
/* Locks */
int ____srcu_idx; /* Don't use this directly. You've been warned. */
#ifdef CONFIG_PROVE_RCU
@@ -382,6 +384,10 @@ struct kvm_vcpu_common {
struct kvm_vcpu_arch_common arch;
};
+#define vcpu_for_each_plane(common, i, v) \
+ for ((i) = 0; (i) < KVM_MAX_PLANES; ++(i)) \
+ if (((v) = common->vcpus[(i)]) != NULL)
+
struct kvm_vcpu {
struct kvm *kvm;
struct kvm_plane *plane;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 8839f91fd15e..9d30fd85ce5f 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -524,6 +524,8 @@ static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned
static void kvm_vcpu_finish_common(struct kvm_vcpu *vcpu)
{
+ WARN_ON(vcpu->common->vcpus[vcpu->plane_level] != NULL);
+ vcpu->common->vcpus[vcpu->plane_level] = vcpu;
smp_wmb();
if (vcpu->plane_level == 0) {
/*
@@ -555,6 +557,7 @@ static void kvm_vcpu_common_destroy(struct kvm_vcpu *vcpu)
vcpu->common = NULL;
vcpu->run = NULL;
+ common->vcpus[vcpu->plane_level] = NULL;
if (vcpu->plane_level != 0)
return;
--
2.53.0
^ permalink raw reply related
* [PATCH 12/60] kvm: Move vcpu accounting to struct kvm_vcpu_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel, Carlos López
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Do the accounting of created vcpus and the sanity checks only once per
plane.
Co-developed-by: Carlos López <clopez@suse.de>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 2 +
virt/kvm/kvm_main.c | 108 ++++++++++++++++++++++++---------------
2 files changed, 68 insertions(+), 42 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index c4c4922df965..47144a83f9c5 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -325,6 +325,8 @@ struct kvm_mmio_fragment {
struct kvm_vcpu_common {
struct kvm *kvm;
+ int vcpu_idx; /* index into kvm->planes[]->vcpu_array */
+
/* Currently active VCPU */
struct kvm_vcpu *current_vcpu;
};
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index fb840d029c56..14e74cdc4709 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -438,18 +438,58 @@ void *kvm_mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
}
#endif
-static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm)
+static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned long id)
{
- struct kvm_vcpu_common *common = kzalloc(sizeof(*common), GFP_KERNEL_ACCOUNT);
+ struct kvm_vcpu_common *common __free(kfree) = kzalloc(sizeof(*common), GFP_KERNEL_ACCOUNT);
+ int r;
- if (common == NULL)
- return -ENOMEM;
+ /*
+ * KVM tracks vCPU IDs as 'int', be kind to userspace and reject
+ * too-large values instead of silently truncating.
+ *
+ * Ensure KVM_MAX_VCPU_IDS isn't pushed above INT_MAX without first
+ * changing the storage type (at the very least, IDs should be tracked
+ * as unsigned ints).
+ */
+ BUILD_BUG_ON(KVM_MAX_VCPU_IDS > INT_MAX);
+ if (id >= KVM_MAX_VCPU_IDS)
+ return -EINVAL;
+
+ mutex_lock(&kvm->lock);
+ kvm->created_vcpus++;
+ mutex_unlock(&kvm->lock);
+
+ if (common == NULL) {
+ r = -ENOMEM;
+ goto out_drop_counter;
+ }
+
+ common->vcpu_idx = atomic_read(&kvm->online_vcpus);
common->kvm = kvm;
common->current_vcpu = vcpu;
- vcpu->common = common;
+ vcpu->common = no_free_ptr(common);
return 0;
+
+out_drop_counter:
+ mutex_lock(&kvm->lock);
+ kvm->created_vcpus--;
+ mutex_unlock(&kvm->lock);
+
+ return r;
+}
+
+static void kvm_vcpu_finish_common(struct kvm_vcpu *vcpu)
+{
+ smp_wmb();
+ if (vcpu->plane_level == 0) {
+ /*
+ * Pairs with smp_rmb() in kvm_get_vcpu. Store the vcpu
+ * pointer before kvm->online_vcpu's incremented value.
+ */
+ atomic_inc(&vcpu->kvm->online_vcpus);
+ }
}
static void kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id)
@@ -482,10 +522,19 @@ static void kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id)
static void kvm_vcpu_common_destroy(struct kvm_vcpu *vcpu)
{
- if (vcpu->plane_level == 0)
- kfree(vcpu->common);
+ struct kvm_vcpu_common *common = vcpu->common;
+ struct kvm *kvm = common->kvm;
vcpu->common = NULL;
+
+ if (vcpu->plane_level != 0)
+ return;
+
+ mutex_lock(&common->kvm->lock);
+ kvm->created_vcpus--;
+ mutex_unlock(&common->kvm->lock);
+
+ kfree(common);
}
static void kvm_vcpu_destroy(struct kvm_vcpu *vcpu)
@@ -4235,22 +4284,10 @@ static void kvm_create_vcpu_debugfs(struct kvm_vcpu *vcpu)
*/
static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
{
- int r;
+ int r = -EINVAL;
struct kvm_vcpu *vcpu;
struct page *page;
- /*
- * KVM tracks vCPU IDs as 'int', be kind to userspace and reject
- * too-large values instead of silently truncating.
- *
- * Ensure KVM_MAX_VCPU_IDS isn't pushed above INT_MAX without first
- * changing the storage type (at the very least, IDs should be tracked
- * as unsigned ints).
- */
- BUILD_BUG_ON(KVM_MAX_VCPU_IDS > INT_MAX);
- if (id >= KVM_MAX_VCPU_IDS)
- return -EINVAL;
-
mutex_lock(&kvm->lock);
if (kvm->created_vcpus >= kvm->max_vcpus) {
mutex_unlock(&kvm->lock);
@@ -4258,24 +4295,20 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
}
r = kvm_arch_vcpu_precreate(kvm, id);
- if (r) {
- mutex_unlock(&kvm->lock);
- return r;
- }
-
- kvm->created_vcpus++;
mutex_unlock(&kvm->lock);
+ if (r)
+ return r;
vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL_ACCOUNT);
- if (!vcpu) {
- r = -ENOMEM;
- goto vcpu_decrement;
- }
+ if (!vcpu)
+ return -ENOMEM;
- r = kvm_vcpu_init_common(vcpu, kvm);
+ r = kvm_vcpu_init_common(vcpu, kvm, id);
if (r)
goto vcpu_free;
+ vcpu->vcpu_idx = vcpu->common->vcpu_idx;
+
BUILD_BUG_ON(sizeof(struct kvm_run) > PAGE_SIZE);
page = alloc_page(GFP_KERNEL_ACCOUNT | __GFP_ZERO);
if (!page) {
@@ -4304,7 +4337,6 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
goto unlock_vcpu_destroy;
}
- vcpu->vcpu_idx = atomic_read(&kvm->online_vcpus);
r = xa_insert(&kvm->planes[0]->vcpu_array, vcpu->vcpu_idx, vcpu, GFP_KERNEL_ACCOUNT);
WARN_ON_ONCE(r == -EBUSY);
if (r)
@@ -4324,12 +4356,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
if (r < 0)
goto kvm_put_xa_erase;
- /*
- * Pairs with smp_rmb() in kvm_get_vcpu. Store the vcpu
- * pointer before kvm->online_vcpu's incremented value.
- */
- smp_wmb();
- atomic_inc(&kvm->online_vcpus);
+ kvm_vcpu_finish_common(vcpu);
mutex_unlock(&vcpu->mutex);
mutex_unlock(&kvm->lock);
@@ -4352,10 +4379,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
kvm_vcpu_common_destroy(vcpu);
vcpu_free:
kmem_cache_free(kvm_vcpu_cache, vcpu);
-vcpu_decrement:
- mutex_lock(&kvm->lock);
- kvm->created_vcpus--;
- mutex_unlock(&kvm->lock);
+
return r;
}
--
2.53.0
^ permalink raw reply related
* [PATCH 25/60] kvm: Move kvm_vcpu->dirty_ring to struct kvm_vcpu_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
The dirty tracking should happen across all planes of a given VCPU, so
move the dirty_ring to struct kvm_vcpu_common.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 3 ++-
virt/kvm/dirty_ring.c | 4 ++--
virt/kvm/kvm_main.c | 22 ++++++++++------------
3 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index f6e8a0b653b3..7d06459a06f3 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -373,6 +373,8 @@ struct kvm_vcpu_common {
bool preempted;
bool ready;
bool scheduled_out;
+
+ struct kvm_dirty_ring dirty_ring;
};
struct kvm_vcpu {
@@ -413,7 +415,6 @@ struct kvm_vcpu {
struct kvm_vcpu_arch arch;
struct kvm_vcpu_stat stat;
char stats_id[KVM_STATS_NAME_SIZE];
- struct kvm_dirty_ring dirty_ring;
/*
* The most recently used memslot by this vCPU and the slots generation
diff --git a/virt/kvm/dirty_ring.c b/virt/kvm/dirty_ring.c
index 572b854edf74..c6f46b93bddb 100644
--- a/virt/kvm/dirty_ring.c
+++ b/virt/kvm/dirty_ring.c
@@ -218,7 +218,7 @@ int kvm_dirty_ring_reset(struct kvm *kvm, struct kvm_dirty_ring *ring,
void kvm_dirty_ring_push(struct kvm_vcpu *vcpu, u32 slot, u64 offset)
{
- struct kvm_dirty_ring *ring = &vcpu->dirty_ring;
+ struct kvm_dirty_ring *ring = &vcpu->common->dirty_ring;
struct kvm_dirty_gfn *entry;
/* It should never get full */
@@ -250,7 +250,7 @@ bool kvm_dirty_ring_check_request(struct kvm_vcpu *vcpu)
* the dirty ring is reset by userspace.
*/
if (kvm_check_request(KVM_REQ_DIRTY_RING_SOFT_FULL, vcpu) &&
- kvm_dirty_ring_soft_full(&vcpu->dirty_ring)) {
+ kvm_dirty_ring_soft_full(&vcpu->common->dirty_ring)) {
kvm_make_request(KVM_REQ_DIRTY_RING_SOFT_FULL, vcpu);
vcpu->run->exit_reason = KVM_EXIT_DIRTY_RING_FULL;
trace_kvm_dirty_ring_exit(vcpu);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 24ff8748a317..f85ddb0fc781 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -483,6 +483,13 @@ static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned
common->ready = false;
preempt_notifier_init(&common->preempt_notifier, &kvm_preempt_ops);
+ if (kvm->dirty_ring_size) {
+ r = kvm_dirty_ring_alloc(kvm, &common->dirty_ring,
+ id, kvm->dirty_ring_size);
+ if (r)
+ goto out_drop_counter;
+ }
+
vcpu->common = no_free_ptr(common);
kvm_vcpu_set_in_spin_loop(vcpu, false);
@@ -547,6 +554,7 @@ static void kvm_vcpu_common_destroy(struct kvm_vcpu *vcpu)
* are already gone.
*/
put_pid(common->pid);
+ kvm_dirty_ring_free(&common->dirty_ring);
kfree(common);
}
@@ -555,7 +563,6 @@ static void kvm_vcpu_destroy(struct kvm_vcpu *vcpu)
kvm_arch_vcpu_destroy(vcpu);
kvm_vcpu_common_destroy(vcpu);
- kvm_dirty_ring_free(&vcpu->dirty_ring);
free_page((unsigned long)vcpu->run);
kmem_cache_free(kvm_vcpu_cache, vcpu);
@@ -4209,7 +4216,7 @@ static vm_fault_t kvm_vcpu_fault(struct vm_fault *vmf)
#endif
else if (kvm_page_in_dirty_ring(vcpu->kvm, vmf->pgoff))
page = kvm_dirty_ring_get_page(
- &vcpu->dirty_ring,
+ &vcpu->common->dirty_ring,
vmf->pgoff - KVM_DIRTY_LOG_PAGE_OFFSET);
else
return kvm_arch_vcpu_fault(vcpu, vmf);
@@ -4338,13 +4345,6 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
if (r)
goto vcpu_free_run_page;
- if (kvm->dirty_ring_size) {
- r = kvm_dirty_ring_alloc(kvm, &vcpu->dirty_ring,
- id, kvm->dirty_ring_size);
- if (r)
- goto arch_vcpu_destroy;
- }
-
mutex_lock(&kvm->lock);
if (kvm_get_vcpu_by_id(kvm, id)) {
@@ -4385,8 +4385,6 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
xa_erase(&kvm->planes[0]->vcpu_array, vcpu->vcpu_idx);
unlock_vcpu_destroy:
mutex_unlock(&kvm->lock);
- kvm_dirty_ring_free(&vcpu->dirty_ring);
-arch_vcpu_destroy:
kvm_arch_vcpu_destroy(vcpu);
vcpu_free_run_page:
free_page((unsigned long)vcpu->run);
@@ -5120,7 +5118,7 @@ static int kvm_vm_ioctl_reset_dirty_pages(struct kvm *kvm)
mutex_lock(&kvm->slots_lock);
kvm_for_each_vcpu(i, vcpu, kvm) {
- r = kvm_dirty_ring_reset(vcpu->kvm, &vcpu->dirty_ring, &cleared);
+ r = kvm_dirty_ring_reset(vcpu->kvm, &vcpu->common->dirty_ring, &cleared);
if (r)
break;
}
--
2.53.0
^ permalink raw reply related
* [PATCH 18/60] kvm: Move kvm_vcpu->rcuwait to struct kvm_vcpu_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
The rcuwait member is used to block and wake a VCPU thread. Since all
plane VCPUs share a thread, there must only be a single wait object.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/loongarch/kvm/timer.c | 2 +-
arch/mips/kvm/mips.c | 4 ++--
include/linux/kvm_host.h | 9 +++++----
virt/kvm/kvm_main.c | 7 ++++---
4 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/arch/loongarch/kvm/timer.c b/arch/loongarch/kvm/timer.c
index 8356fce0043f..9da10aa90558 100644
--- a/arch/loongarch/kvm/timer.c
+++ b/arch/loongarch/kvm/timer.c
@@ -31,7 +31,7 @@ enum hrtimer_restart kvm_swtimer_wakeup(struct hrtimer *timer)
vcpu = container_of(timer, struct kvm_vcpu, arch.swtimer);
kvm_queue_irq(vcpu, INT_TI);
- rcuwait_wake_up(&vcpu->wait);
+ rcuwait_wake_up(kvm_arch_vcpu_get_wait(vcpu));
return HRTIMER_NORESTART;
}
diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
index f928ba105104..6469ec246dd6 100644
--- a/arch/mips/kvm/mips.c
+++ b/arch/mips/kvm/mips.c
@@ -265,7 +265,7 @@ static enum hrtimer_restart kvm_mips_comparecount_wakeup(struct hrtimer *timer)
kvm_mips_callbacks->queue_timer_int(vcpu);
vcpu->arch.wait = 0;
- rcuwait_wake_up(&vcpu->wait);
+ rcuwait_wake_up(kvm_arch_vcpu_get_wait(vcpu));
return kvm_mips_count_timeout(vcpu);
}
@@ -507,7 +507,7 @@ int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
dvcpu->arch.wait = 0;
- rcuwait_wake_up(&dvcpu->wait);
+ rcuwait_wake_up(kvm_arch_vcpu_get_wait(dvcpu));
return 0;
}
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index c8085c23e18e..c08ede1cefd2 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -337,6 +337,10 @@ struct kvm_vcpu_common {
#endif
struct mutex mutex;
+#ifndef __KVM_HAVE_ARCH_WQP
+ struct rcuwait wait;
+#endif
+
/* Scheduling state */
#ifdef CONFIG_PREEMPT_NOTIFIERS
struct preempt_notifier preempt_notifier;
@@ -361,9 +365,6 @@ struct kvm_vcpu {
struct kvm_run *run;
-#ifndef __KVM_HAVE_ARCH_WQP
- struct rcuwait wait;
-#endif
struct pid *pid;
rwlock_t pid_lock;
int sigset_active;
@@ -1806,7 +1807,7 @@ static inline struct rcuwait *kvm_arch_vcpu_get_wait(struct kvm_vcpu *vcpu)
#ifdef __KVM_HAVE_ARCH_WQP
return vcpu->arch.waitp;
#else
- return &vcpu->wait;
+ return &vcpu->common->wait;
#endif
}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 9accca10c249..11e0d4af82df 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -468,6 +468,10 @@ static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned
mutex_init(&common->mutex);
+#ifndef __KVM_HAVE_ARCH_WQP
+ rcuwait_init(&common->wait);
+#endif
+
common->kvm = kvm;
common->current_vcpu = vcpu;
@@ -508,9 +512,6 @@ static void kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id)
vcpu->vcpu_id = id;
vcpu->pid = NULL;
rwlock_init(&vcpu->pid_lock);
-#ifndef __KVM_HAVE_ARCH_WQP
- rcuwait_init(&vcpu->wait);
-#endif
kvm_async_pf_vcpu_init(vcpu);
kvm_vcpu_set_in_spin_loop(vcpu, false);
--
2.53.0
^ permalink raw reply related
* [PATCH 53/60] kvm: x86: Introduce max_planes x86-op
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Paolo Bonzini <pbonzini@redhat.com>
Allow x86 hardware backends to overwrite the number of supported
planes per VM type.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/include/asm/kvm-x86-ops.h | 1 +
arch/x86/include/asm/kvm_host.h | 2 ++
arch/x86/kvm/svm/svm.c | 1 +
arch/x86/kvm/vmx/main.c | 1 +
arch/x86/kvm/x86.c | 8 +++++++-
arch/x86/kvm/x86.h | 1 +
6 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h
index 207d56d12459..4f96090c04c9 100644
--- a/arch/x86/include/asm/kvm-x86-ops.h
+++ b/arch/x86/include/asm/kvm-x86-ops.h
@@ -152,6 +152,7 @@ KVM_X86_OP_OPTIONAL_RET0(gmem_max_mapping_level)
KVM_X86_OP_OPTIONAL(gmem_invalidate)
KVM_X86_OP(alloc_plane)
KVM_X86_OP(free_plane)
+KVM_X86_OP(max_planes)
#endif
#undef KVM_X86_OP
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 1b7aa48c961e..bfa0188d372f 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -2016,6 +2016,8 @@ struct kvm_x86_ops {
struct kvm_plane *(*alloc_plane)(void);
void (*free_plane)(struct kvm_plane *);
+
+ unsigned (*max_planes)(struct kvm *);
};
struct kvm_x86_nested_ops {
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 2a92d8d18d7c..99357de14034 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5448,6 +5448,7 @@ struct kvm_x86_ops svm_x86_ops __initdata = {
.alloc_plane = x86_alloc_plane,
.free_plane = x86_free_plane,
+ .max_planes = kvm_x86_default_max_planes,
};
/*
diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index a2fc4eeeca1d..572921bdfb32 100644
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -1034,6 +1034,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = {
.alloc_plane = x86_alloc_plane,
.free_plane = x86_free_plane,
+ .max_planes = kvm_x86_default_max_planes,
};
struct kvm_x86_init_ops vt_init_ops __initdata = {
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 60b34bd4da9d..c6910356b061 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -482,10 +482,16 @@ static u32 msr_based_features[ARRAY_SIZE(msr_based_features_all_except_vmx) +
(KVM_LAST_EMULATED_VMX_MSR - KVM_FIRST_EMULATED_VMX_MSR + 1)];
static unsigned int num_msr_based_features;
-unsigned kvm_arch_max_planes(struct kvm *kvm)
+unsigned kvm_x86_default_max_planes(struct kvm *kvm)
{
return 1;
}
+EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_x86_default_max_planes);
+
+unsigned kvm_arch_max_planes(struct kvm *kvm)
+{
+ return kvm_x86_call(max_planes)(kvm);
+}
struct kvm_plane *x86_alloc_plane(void)
{
diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 812bd6004a4c..ff57ba568031 100644
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -800,5 +800,6 @@ static inline bool kvm_is_valid_u_s_cet(struct kvm_vcpu *vcpu, u64 data)
struct kvm_plane *x86_alloc_plane(void);
void x86_free_plane(struct kvm_plane *plane);
+unsigned kvm_x86_default_max_planes(struct kvm *kvm);
#endif
--
2.53.0
^ permalink raw reply related
* [PATCH 23/60] kvm: Move kvm_vcpu sigset members to struct kvm_vcpu_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
These are the same across all planes for one VCPU, so make then
shared.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 4 ++--
virt/kvm/kvm_main.c | 18 ++++++++++++------
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 73786712495d..9220c452aa3a 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -348,6 +348,8 @@ struct kvm_vcpu_common {
struct pid *pid;
rwlock_t pid_lock;
+ int sigset_active;
+ sigset_t sigset;
/* Scheduling state */
#ifdef CONFIG_PREEMPT_NOTIFIERS
@@ -371,8 +373,6 @@ struct kvm_vcpu {
struct kvm_run *run;
- int sigset_active;
- sigset_t sigset;
unsigned int halt_poll_ns;
u64 plane_requests;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index af3c4e0081b8..1858880ee3d3 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3694,7 +3694,9 @@ EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_vcpu_mark_page_dirty);
void kvm_sigset_activate(struct kvm_vcpu *vcpu)
{
- if (!vcpu->sigset_active)
+ struct kvm_vcpu_common *common = vcpu->common;
+
+ if (!common->sigset_active)
return;
/*
@@ -3703,12 +3705,14 @@ void kvm_sigset_activate(struct kvm_vcpu *vcpu)
* ->real_blocked don't care as long ->real_blocked is always a subset
* of ->blocked.
*/
- sigprocmask(SIG_SETMASK, &vcpu->sigset, ¤t->real_blocked);
+ sigprocmask(SIG_SETMASK, &common->sigset, ¤t->real_blocked);
}
void kvm_sigset_deactivate(struct kvm_vcpu *vcpu)
{
- if (!vcpu->sigset_active)
+ struct kvm_vcpu_common *common = vcpu->common;
+
+ if (!common->sigset_active)
return;
sigprocmask(SIG_SETMASK, ¤t->real_blocked, NULL);
@@ -4391,12 +4395,14 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
static int kvm_vcpu_ioctl_set_sigmask(struct kvm_vcpu *vcpu, sigset_t *sigset)
{
+ struct kvm_vcpu_common *common = vcpu->common;
+
if (sigset) {
sigdelsetmask(sigset, sigmask(SIGKILL)|sigmask(SIGSTOP));
- vcpu->sigset_active = 1;
- vcpu->sigset = *sigset;
+ common->sigset_active = 1;
+ common->sigset = *sigset;
} else
- vcpu->sigset_active = 0;
+ common->sigset_active = 0;
return 0;
}
--
2.53.0
^ permalink raw reply related
* [PATCH 08/60] Documentation: kvm: introduce "VM plane" concept
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Paolo Bonzini <pbonzini@redhat.com>
There have been multiple occurrences of processors introducing a virtual
privilege level concept for guests, where the hypervisor hosts multiple
copies of a vCPU's register state (or at least of most of it) and provides
hypercalls or instructions to switch between them. These include AMD
VMPLs, Intel TDX partitions, Microsoft Hyper-V VTLs, and ARM CCA planes.
Include documentation on how the feature will be exposed to userspace.
In the past, two main solutions that were attempted, mostly in the context
of Hyper-V VTLs and SEV-SNP VMPLs:
- use a single vCPU file descriptor, and store multiple copies of the state
in a single struct kvm_vcpu. This requires a lot of changes to
provide multiple copies of affected fields, especially MMUs and APICs;
and complex uAPI extensions to direct existing ioctls to a specific
privilege level. This solution looked marginally okay for SEV-SNP
VMPLs, but only because the copies of the register state were hidden
in the VMSA (KVM does not manage it); it showed all its problems when
applied to Hyper-V VTLs.
- use multiple VM and vCPU file descriptors, and handle the switch entirely
in userspace. This got gnarly pretty fast for even more reasons than
the previous case, for example because VMs could not share anymore
memslots, including dirty bitmaps and private/shared attributes (a
substantial problem for SEV-SNP since VMPLs share their ASID). Another
problem was the need to share _some_ register state across VTLs and
to control that vCPUs did not run in parallel; there needed to be a
lot of logic to be added in userspace to ensure that higher-privileged
VTL properly interrupted a lower-privileged one.
This solution also complicates in-kernel implementation of privilege
level switch, or even makes it impossible, because there is no kernel
knowledge of the relationship between vCPUs that have the same id but
belong to different privilege levels.
Especially given the need to accelerate switches in kernel, it is clear
that KVM needs some level of knowledge of the relationship between vCPUs
that have the same id but belong to different privilege levels. For this
reason, I proposed a design that only gives the initial set of VM and vCPU file
descriptors the full set of ioctls + struct kvm_run; other privilege
levels instead only support a small part of the KVM API. In fact for
the vm file descriptor it is only three ioctls: KVM_CHECK_EXTENSION,
KVM_SIGNAL_MSI, KVM_SET_MEMORY_ATTRIBUTES. For vCPUs it is basically
KVM_GET/SET_*.
This solves a lot of the problems in the multiple-file-descriptors solution,
namely it gets for free the ability to avoid parallel execution of the
same vCPUs in different privilege levels. Changes to the userspace API
of course exist, but they are relatively small and more easily backwards
compatible, because they boil down to the introduction of new file
descriptor kinds instead of having to change the inputs to all affected
ioctls.
It does share some of the code churn issues in the single-file-descriptor
solution; on the other hand a prototype multi-fd VMPL implementation[1]
also needed large scale changes which therefore seem unavoidable when
privilege levels are provided by hardware, and not a software concept
only as is the case for VTLs.
hardware
[1] https://lore.kernel.org/lkml/cover.1726506534.git.roy.hopkins@suse.com/
Acknowledgements: thanks to everyone who participated in the discussions,
you are too many to mention in a small margin. Thanks to Roy Hopkins,
Tom Lendacky, Anel Orazgaliyeva, Nicolas Saenz-Julienne for experimenting
with implementations of VTLs and VMPLs.
Ah, and because x86 has three names for it and Arm has one, choose the
Arm name for all architectures to avoid bikeshedding and to displease
everyone---including the KVM/arm64 folks, probably.
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
Documentation/virt/kvm/api.rst | 102 +++++++++++++++++++++++----------
1 file changed, 72 insertions(+), 30 deletions(-)
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 52bbbb553ce1..d90b4a406454 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -56,6 +56,18 @@ be checked with :ref:`KVM_CHECK_EXTENSION <KVM_CHECK_EXTENSION>`. Some
capabilities also need to be enabled for VMs or VCPUs where their
functionality is desired (see :ref:`cap_enable` and :ref:`cap_enable_vm`).
+On some architectures, a "virtual privilege level" concept may be present
+apart from the usual separation between user and supervisor mode, or
+between hypervisor and guest mode. When this is the case, a single vCPU
+can have multiple copies of its register state (or at least most of it),
+and will switch between them through a special processor instruction,
+or through some kind of hypercall.
+
+KVM calls these privilege levels "planes". Planes other than the
+initially-created one (called "plane 0") have a file descriptor each,
+and so do the planes of each vCPU. Ioctls for vCPU planes should also
+be issued from a single thread, unless specially marked as asynchronous
+in the documentation.
2. Restrictions
===============
@@ -119,6 +131,11 @@ description:
Type:
system, vm, or vcpu.
+ File descriptors for planes other than plane 0 provide a subset
+ of vm and vcpu ioctls. Those that *are* supported in extra
+ planes are marked specially in the documentation (for example,
+ `vcpu (all planes)`).
+
Parameters:
what parameters are accepted by the ioctl.
@@ -309,7 +326,7 @@ the VCPU file descriptor can be mmap-ed, including:
:Capability: basic
:Architectures: all
-:Type: vm ioctl
+:Type: vm ioctl (all planes)
:Parameters: vcpu id (apic id on x86)
:Returns: vcpu fd on success, -1 on error
@@ -350,6 +367,8 @@ machines, the resulting vcpu fd can be memory mapped at page offset
KVM_S390_SIE_PAGE_OFFSET in order to obtain a memory map of the virtual
cpu's hardware control block.
+VCPUs for non-zero planes can only be created if the VCPU the same index has
+already been created for plane zero.
4.8 KVM_GET_DIRTY_LOG
---------------------
@@ -421,7 +440,7 @@ kvm_run' (see below).
:Capability: basic
:Architectures: all except arm64
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_regs (out)
:Returns: 0 on success, -1 on error
@@ -461,7 +480,7 @@ Reads the general purpose registers from the vcpu.
:Capability: basic
:Architectures: all except arm64
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_regs (in)
:Returns: 0 on success, -1 on error
@@ -475,7 +494,7 @@ See KVM_GET_REGS for the data structure.
:Capability: basic
:Architectures: x86, ppc
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_sregs (out)
:Returns: 0 on success, -1 on error
@@ -506,7 +525,7 @@ but not yet injected into the cpu core.
:Capability: basic
:Architectures: x86, ppc
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_sregs (in)
:Returns: 0 on success, -1 on error
@@ -519,7 +538,7 @@ data structures.
:Capability: basic
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_translation (in/out)
:Returns: 0 on success, -1 on error
@@ -645,7 +664,7 @@ This is an asynchronous vcpu ioctl and can be invoked from any thread.
:Capability: basic (vcpu), KVM_CAP_GET_MSR_FEATURES (system)
:Architectures: x86
-:Type: system ioctl, vcpu ioctl
+:Type: system ioctl, vcpu ioctl (all planes)
:Parameters: struct kvm_msrs (in/out)
:Returns: number of msrs successfully returned;
-1 on error
@@ -685,7 +704,7 @@ kvm will fill in the 'data' member.
:Capability: basic
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_msrs (in)
:Returns: number of msrs successfully set (see below), -1 on error
@@ -773,7 +792,7 @@ signal mask.
:Capability: basic
:Architectures: x86, loongarch
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_fpu (out)
:Returns: 0 on success, -1 on error
@@ -811,7 +830,7 @@ Reads the floating point state from the vcpu.
:Capability: basic
:Architectures: x86, loongarch
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_fpu (in)
:Returns: 0 on success, -1 on error
@@ -1128,7 +1147,7 @@ Other flags returned by ``KVM_GET_CLOCK`` are accepted but ignored.
:Capability: KVM_CAP_VCPU_EVENTS
:Extended by: KVM_CAP_INTR_SHADOW
:Architectures: x86, arm64
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_vcpu_events (out)
:Returns: 0 on success, -1 on error
@@ -1254,7 +1273,7 @@ Calling this ioctl on a vCPU that hasn't been initialized will return
:Capability: KVM_CAP_VCPU_EVENTS
:Extended by: KVM_CAP_INTR_SHADOW
:Architectures: x86, arm64
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_vcpu_events (in)
:Returns: 0 on success, -1 on error
@@ -1323,7 +1342,7 @@ Calling this ioctl on a vCPU that hasn't been initialized will return
:Capability: KVM_CAP_DEBUGREGS
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_debugregs (out)
:Returns: 0 on success, -1 on error
@@ -1345,7 +1364,7 @@ Reads debug registers from the vcpu.
:Capability: KVM_CAP_DEBUGREGS
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_debugregs (in)
:Returns: 0 on success, -1 on error
@@ -1662,7 +1681,7 @@ otherwise it will return EBUSY error.
:Capability: KVM_CAP_XSAVE
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_xsave (out)
:Returns: 0 on success, -1 on error
@@ -1682,7 +1701,7 @@ This ioctl would copy current vcpu's xsave struct to the userspace.
:Capability: KVM_CAP_XSAVE and KVM_CAP_XSAVE2
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_xsave (in)
:Returns: 0 on success, -1 on error
@@ -1710,7 +1729,7 @@ contents of CPUID leaf 0xD on the host.
:Capability: KVM_CAP_XCRS
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_xcrs (out)
:Returns: 0 on success, -1 on error
@@ -1737,7 +1756,7 @@ This ioctl would copy current vcpu's xcrs to the userspace.
:Capability: KVM_CAP_XCRS
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_xcrs (in)
:Returns: 0 on success, -1 on error
@@ -1886,11 +1905,14 @@ The flags bitmap is defined as::
:Capability: KVM_CAP_IRQ_ROUTING
:Architectures: x86 s390 arm64
-:Type: vm ioctl
+:Type: vm ioctl (all planes)
:Parameters: struct kvm_irq_routing (in)
:Returns: 0 on success, -1 on error
Sets the GSI routing table entries, overwriting any previously set entries.
+Note that the kernel maintains only one GSI routing table for all planes. The
+plane for which the GSI routing table was set last will receive all interrupts
+signaled through GSI pins.
On arm64, GSI routing has the following limitation:
@@ -2040,7 +2062,7 @@ error.
:Capability: KVM_CAP_IRQCHIP
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_lapic_state (out)
:Returns: 0 on success, -1 on error
@@ -2071,7 +2093,7 @@ always uses xAPIC format.
:Capability: KVM_CAP_IRQCHIP
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_lapic_state (in)
:Returns: 0 on success, -1 on error
@@ -2305,7 +2327,7 @@ prior to calling the KVM_RUN ioctl.
:Capability: KVM_CAP_ONE_REG
:Architectures: all
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_one_reg (in)
:Returns: 0 on success, negative value on failure
@@ -2930,7 +2952,7 @@ Following are the KVM-defined registers for x86:
:Capability: KVM_CAP_ONE_REG
:Architectures: all
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_one_reg (in and out)
:Returns: 0 on success, negative value on failure
@@ -2984,7 +3006,7 @@ after pausing the vcpu, but before it is resumed.
:Capability: KVM_CAP_SIGNAL_MSI
:Architectures: x86 arm64
-:Type: vm ioctl
+:Type: vm ioctl (all planes)
:Parameters: struct kvm_msi (in)
:Returns: >0 on delivery, 0 if guest blocked the MSI, and -1 on error
@@ -3605,7 +3627,7 @@ VCPU matching underlying host.
:Capability: basic
:Architectures: arm64, mips, riscv, x86 (if KVM_CAP_ONE_REG)
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_reg_list (in/out)
:Returns: 0 on success; -1 on error
@@ -4904,7 +4926,7 @@ The acceptable values for the flags field are::
:Capability: KVM_CAP_NESTED_STATE
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_nested_state (in/out)
:Returns: 0 on success, -1 on error
@@ -4978,7 +5000,7 @@ to the KVM_CHECK_EXTENSION ioctl().
:Capability: KVM_CAP_NESTED_STATE
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_nested_state (in)
:Returns: 0 on success, -1 on error
@@ -5859,7 +5881,7 @@ then ``length`` is returned.
:Capability: KVM_CAP_SREGS2
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_sregs2 (out)
:Returns: 0 on success, -1 on error
@@ -5892,7 +5914,7 @@ flags values for ``kvm_sregs2``:
:Capability: KVM_CAP_SREGS2
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_sregs2 (in)
:Returns: 0 on success, -1 on error
@@ -6108,7 +6130,7 @@ as the descriptors in Descriptors block.
:Capability: KVM_CAP_XSAVE2
:Architectures: x86
-:Type: vcpu ioctl
+:Type: vcpu ioctl (all planes)
:Parameters: struct kvm_xsave (out)
:Returns: 0 on success, -1 on error
@@ -6555,6 +6577,26 @@ KVM_S390_KEYOP_SSKE
.. _kvm_run:
+.. _KVM_CREATE_PLANE:
+
+4.145 KVM_CREATE_PLANE
+----------------------
+
+:Capability: KVM_CAP_PLANES
+:Architectures: none
+:Type: vm ioctl
+:Parameters: plane id
+:Returns: a VM fd that can be used to control the new plane.
+
+Creates a new *plane*, i.e. a separate privilege level for the virtual machine.
+
+Each plane has a numeric id that is used when communicating with KVM. While
+KVM is currently agnostic to whether low ids are more or less privileged, it is
+expected that this will not always be the case in the future. For example KVM
+in the future may use the plane id when planes are supported by hardware (as is
+the case for VMPLs in AMD), or if KVM supports accelerated plane switch
+operations (as might be the case for Hyper-V VTLs).
+
5. The kvm_run structure
========================
--
2.53.0
^ permalink raw reply related
* [PATCH 58/60] kvm: svm: Invoke a specified VMPL level VMSA for the vCPU
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Tom Lendacky <thomas.lendacky@amd.com>
Implement the SNP Run VMPL NAE event and MSR protocol to allow a guest to
request a different VMPL level VMSA be run for the vCPU. This allows the
guest to "call" an SVSM to process an SVSM request.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/include/asm/sev-common.h | 6 +++
arch/x86/kvm/svm/sev.c | 71 +++++++++++++++++++++++++++++++
2 files changed, 77 insertions(+)
diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h
index cedb7ea91da5..a09cf5690aba 100644
--- a/arch/x86/include/asm/sev-common.h
+++ b/arch/x86/include/asm/sev-common.h
@@ -114,6 +114,8 @@ enum psc_op {
/* GHCB Run at VMPL Request/Response */
#define GHCB_MSR_VMPL_REQ 0x016
+#define GHCB_MSR_VMPL_LEVEL_POS 32
+#define GHCB_MSR_VMPL_LEVEL_MASK GENMASK_ULL(7, 0)
#define GHCB_MSR_VMPL_REQ_LEVEL(v) \
/* GHCBData[39:32] */ \
((((u64)(v) & GENMASK_ULL(7, 0)) << 32) | \
@@ -121,6 +123,10 @@ enum psc_op {
GHCB_MSR_VMPL_REQ)
#define GHCB_MSR_VMPL_RESP 0x017
+#define GHCB_MSR_VMPL_ERROR_POS 32
+#define GHCB_MSR_VMPL_ERROR_MASK GENMASK_ULL(31, 0)
+#define GHCB_MSR_VMPL_RSVD_POS 12
+#define GHCB_MSR_VMPL_RSVD_MASK GENMASK_ULL(19, 0)
#define GHCB_MSR_VMPL_RESP_VAL(v) \
/* GHCBData[63:32] */ \
(((u64)(v) & GENMASK_ULL(63, 32)) >> 32)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 53cd3aba7368..b67566fcb69e 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3556,6 +3556,10 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm)
if (!sev_snp_guest(vcpu->kvm))
goto vmgexit_err;
break;
+ case SVM_VMGEXIT_SNP_RUN_VMPL:
+ if (!sev_snp_guest(vcpu->kvm))
+ goto vmgexit_err;
+ break;
default:
reason = GHCB_ERR_INVALID_EVENT;
goto vmgexit_err;
@@ -4593,6 +4597,45 @@ static void sev_get_apic_ids(struct vcpu_svm *svm)
kvfree(desc);
}
+static int __sev_snp_run_vmpl(struct vcpu_svm *svm, unsigned int vmpl)
+{
+ struct kvm_vcpu *vcpu = &svm->vcpu;
+ struct kvm_vcpu *target = vcpu->common->vcpus[vmpl];
+ struct vcpu_svm *target_svm = to_svm(target);
+
+ if (!target)
+ return -EINVAL;
+
+ /* Mark current plane as stopped so it is not selected */
+ kvm_set_mp_state(target, KVM_MP_STATE_RUNNABLE);
+ /* In case KVM_REQ_UPDATE_PROTECTED_GUEST_STATE is set - mark the new VMSA as runnable */
+ target_svm->sev_es.snp_ap_runnable = true;
+ kvm_vcpu_set_plane_runnable(target);
+ kvm_vcpu_set_plane_stopped(vcpu);
+
+ kvm_make_request(KVM_REQ_PLANE_RESCHED, vcpu);
+
+ return 1;
+}
+
+static int sev_snp_run_vmpl(struct vcpu_svm *svm)
+{
+ struct ghcb *ghcb = svm->sev_es.ghcb;
+ struct kvm_vcpu *vcpu = &svm->vcpu;
+ unsigned int vmpl;
+
+ vmpl = lower_32_bits(svm->vmcb->control.exit_info_1);
+ if (vmpl >= SVM_SEV_VMPL_MAX) {
+ vcpu_unimpl(vcpu, "vmgexit: invalid VMPL level [%u] from guest\n", vmpl);
+ return -EINVAL;
+ }
+
+ ghcb_set_sw_exit_info_1(ghcb, 0);
+ ghcb_set_sw_exit_info_2(ghcb, 0);
+
+ return __sev_snp_run_vmpl(svm, vmpl);
+}
+
static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm)
{
struct vmcb_control_area *control = &svm->vmcb->control;
@@ -4704,6 +4747,27 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm)
ret = snp_begin_psc_msr(svm, control->ghcb_gpa);
break;
+ case GHCB_MSR_VMPL_REQ: {
+ unsigned int vmpl;
+
+ if (!sev_snp_guest(vcpu->kvm))
+ goto out_terminate;
+
+ vmpl = get_ghcb_msr_bits(svm, GHCB_MSR_VMPL_LEVEL_MASK, GHCB_MSR_VMPL_LEVEL_POS);
+
+ set_ghcb_msr_bits(svm, 0, GHCB_MSR_VMPL_ERROR_MASK, GHCB_MSR_VMPL_ERROR_POS);
+ set_ghcb_msr_bits(svm, 0, GHCB_MSR_VMPL_RSVD_MASK, GHCB_MSR_VMPL_RSVD_POS);
+ set_ghcb_msr_bits(svm, GHCB_MSR_VMPL_RESP, GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS);
+
+ if (vmpl >= SVM_SEV_VMPL_MAX) {
+ vcpu_unimpl(vcpu, "vmgexit: invalid VMPL level [%u] from guest\n", vmpl);
+ set_ghcb_msr_bits(svm, 1, GHCB_MSR_VMPL_ERROR_MASK, GHCB_MSR_VMPL_ERROR_POS);
+ break;
+ }
+
+ ret = __sev_snp_run_vmpl(svm, vmpl);
+ break;
+ }
case GHCB_MSR_TERM_REQ: {
u64 reason_set, reason_code;
@@ -4887,6 +4951,13 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
sev_get_apic_ids(svm);
ret = 1;
break;
+ case SVM_VMGEXIT_SNP_RUN_VMPL:
+ ret = sev_snp_run_vmpl(svm);
+ if (ret < 0) {
+ svm_vmgexit_bad_input(svm, GHCB_ERR_INVALID_INPUT);
+ ret = 1;
+ }
+ break;
case SVM_VMGEXIT_UNSUPPORTED_EVENT:
vcpu_unimpl(vcpu,
"vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
--
2.53.0
^ permalink raw reply related
* [PATCH 21/60] kvm: Introduce per-plane VCPU requests
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
The bitfield layout is shared with the global vcpu->common->requests
field. A new flag will indicate in which bitmap the request will be
set.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 7704820986da..3c72a462ccfa 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -159,6 +159,7 @@ static inline bool kvm_is_error_gpa(gpa_t gpa)
#define KVM_REQUEST_NO_WAKEUP BIT(8)
#define KVM_REQUEST_WAIT BIT(9)
#define KVM_REQUEST_NO_ACTION BIT(10)
+#define KVM_REQUEST_PER_PLANE BIT(11)
/*
* Architecture-independent vcpu->requests bit members
* Bits 3-7 are reserved for more arch-independent bits.
@@ -184,6 +185,7 @@ static inline bool kvm_is_error_gpa(gpa_t gpa)
(unsigned)(((nr) + KVM_REQUEST_ARCH_BASE) | (flags)); \
})
#define KVM_ARCH_REQ(nr) KVM_ARCH_REQ_FLAGS(nr, 0)
+#define KVM_ARCH_PLANE_REQ(nr) KVM_ARCH_REQ_FLAGS(nr, KVM_REQUEST_PER_PLANE)
bool kvm_make_vcpus_request_mask(struct kvm *kvm, unsigned int req,
unsigned long *vcpu_bitmap);
@@ -371,6 +373,10 @@ struct kvm_vcpu {
int sigset_active;
sigset_t sigset;
unsigned int halt_poll_ns;
+
+ u64 plane_requests;
+
+ /* S390 only */
bool valid_wakeup;
#ifdef CONFIG_HAS_IOMEM
@@ -2356,7 +2362,10 @@ static inline void __kvm_make_request(int req, struct kvm_vcpu *vcpu)
* caller. Paired with the smp_mb__after_atomic in kvm_check_request.
*/
smp_wmb();
- set_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->common->requests);
+ if (req & KVM_REQUEST_PER_PLANE)
+ set_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->plane_requests);
+ else
+ set_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->common->requests);
}
static __always_inline void kvm_make_request(int req, struct kvm_vcpu *vcpu)
@@ -2382,17 +2391,23 @@ static inline void kvm_make_request_and_kick(int req, struct kvm_vcpu *vcpu)
static inline bool kvm_request_pending(struct kvm_vcpu *vcpu)
{
- return READ_ONCE(vcpu->common->requests);
+ return READ_ONCE(vcpu->common->requests) || READ_ONCE(vcpu->plane_requests);
}
static inline bool kvm_test_request(int req, struct kvm_vcpu *vcpu)
{
- return test_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->common->requests);
+ if (req & KVM_REQUEST_PER_PLANE)
+ return test_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->plane_requests);
+ else
+ return test_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->common->requests);
}
static inline void kvm_clear_request(int req, struct kvm_vcpu *vcpu)
{
- clear_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->common->requests);
+ if (req & KVM_REQUEST_PER_PLANE)
+ clear_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->plane_requests);
+ else
+ clear_bit(req & KVM_REQUEST_MASK, (void *)&vcpu->common->requests);
}
static inline bool kvm_check_request(int req, struct kvm_vcpu *vcpu)
--
2.53.0
^ permalink raw reply related
* [PATCH 48/60] kvm: x86: Make event injection VCPU requests per-plane
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
These events must be handled on the plane-vcpu that they were raised
on.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/include/asm/kvm_host.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index f30173093c44..c2651774d785 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -85,20 +85,20 @@
KVM_X86_NOTIFY_VMEXIT_USER)
/* x86-specific vcpu->requests bit members */
-#define KVM_REQ_MIGRATE_TIMER KVM_ARCH_REQ(0)
+#define KVM_REQ_MIGRATE_TIMER KVM_ARCH_PLANE_REQ(0)
#define KVM_REQ_REPORT_TPR_ACCESS KVM_ARCH_REQ(1)
#define KVM_REQ_TRIPLE_FAULT KVM_ARCH_REQ(2)
#define KVM_REQ_MMU_SYNC KVM_ARCH_REQ(3)
#define KVM_REQ_CLOCK_UPDATE KVM_ARCH_REQ(4)
#define KVM_REQ_LOAD_MMU_PGD KVM_ARCH_REQ(5)
-#define KVM_REQ_EVENT KVM_ARCH_REQ(6)
+#define KVM_REQ_EVENT KVM_ARCH_PLANE_REQ(6)
#define KVM_REQ_APF_HALT KVM_ARCH_REQ(7)
#define KVM_REQ_STEAL_UPDATE KVM_ARCH_REQ(8)
-#define KVM_REQ_NMI KVM_ARCH_REQ(9)
-#define KVM_REQ_PMU KVM_ARCH_REQ(10)
-#define KVM_REQ_PMI KVM_ARCH_REQ(11)
+#define KVM_REQ_NMI KVM_ARCH_PLANE_REQ(9)
+#define KVM_REQ_PMU KVM_ARCH_PLANE_REQ(10)
+#define KVM_REQ_PMI KVM_ARCH_PLANE_REQ(11)
#ifdef CONFIG_KVM_SMM
-#define KVM_REQ_SMI KVM_ARCH_REQ(12)
+#define KVM_REQ_SMI KVM_ARCH_PLANE_REQ(12)
#endif
#define KVM_REQ_MASTERCLOCK_UPDATE KVM_ARCH_REQ(13)
#define KVM_REQ_MCLOCK_INPROGRESS \
--
2.53.0
^ permalink raw reply related
* [PATCH 44/60] kvm: x86: Move cpu_caps to struct kvm_vcpu_arch_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Now that CPUID state is shared across all planes, cpu_caps can be
shared as well.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/include/asm/kvm_host.h | 33 +++++++++++++++++----------------
arch/x86/kvm/cpuid.c | 18 +++++++++---------
arch/x86/kvm/cpuid.h | 17 +++++++++--------
arch/x86/kvm/svm/svm.c | 4 ++--
arch/x86/kvm/vmx/vmx.c | 2 +-
5 files changed, 38 insertions(+), 36 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 3a64bdae6e23..b0d040528f9d 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -800,6 +800,23 @@ struct kvm_vcpu_arch_common {
struct kvm_cpuid_entry2 *cpuid_entries;
bool cpuid_dynamic_bits_dirty;
bool is_amd_compatible;
+
+ /*
+ * cpu_caps holds the effective guest capabilities, i.e. the features
+ * the vCPU is allowed to use. Typically, but not always, features can
+ * be used by the guest if and only if both KVM and userspace want to
+ * expose the feature to the guest.
+ *
+ * A common exception is for virtualization holes, i.e. when KVM can't
+ * prevent the guest from using a feature, in which case the vCPU "has"
+ * the feature regardless of what KVM or userspace desires.
+ *
+ * Note, features that don't require KVM involvement in any way are
+ * NOT enforced/sanitized by KVM, i.e. are taken verbatim from the
+ * guest CPUID provided by userspace.
+ */
+ u32 cpu_caps[NR_KVM_CPU_CAPS];
+
};
int kvm_arch_vcpu_common_init(struct kvm_vcpu_common *common);
@@ -925,22 +942,6 @@ struct kvm_vcpu_arch {
int halt_request; /* real mode on Intel only */
- /*
- * cpu_caps holds the effective guest capabilities, i.e. the features
- * the vCPU is allowed to use. Typically, but not always, features can
- * be used by the guest if and only if both KVM and userspace want to
- * expose the feature to the guest.
- *
- * A common exception is for virtualization holes, i.e. when KVM can't
- * prevent the guest from using a feature, in which case the vCPU "has"
- * the feature regardless of what KVM or userspace desires.
- *
- * Note, features that don't require KVM involvement in any way are
- * NOT enforced/sanitized by KVM, i.e. are taken verbatim from the
- * guest CPUID provided by userspace.
- */
- u32 cpu_caps[NR_KVM_CPU_CAPS];
-
u64 reserved_gpa_bits;
int maxphyaddr;
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 6d948d63306c..27e2f7e25038 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -284,7 +284,7 @@ static __always_inline void kvm_update_feature_runtime(struct kvm_vcpu *vcpu,
bool has_feature)
{
cpuid_entry_change(entry, x86_feature, has_feature);
- guest_cpu_cap_change(vcpu, x86_feature, has_feature);
+ guest_cpu_cap_change(vcpu->common, x86_feature, has_feature);
}
static void kvm_update_cpuid_runtime(struct kvm_vcpu *vcpu)
@@ -382,7 +382,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
bool allow_gbpages;
int i;
- memset(vcpu->arch.cpu_caps, 0, sizeof(vcpu->arch.cpu_caps));
+ memset(common->arch.cpu_caps, 0, sizeof(common->arch.cpu_caps));
BUILD_BUG_ON(ARRAY_SIZE(reverse_cpuid) != NR_KVM_CPU_CAPS);
/*
@@ -408,9 +408,9 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
* in guest CPUID. Note, this includes features that are
* supported by KVM but aren't advertised to userspace!
*/
- vcpu->arch.cpu_caps[i] = kvm_cpu_caps[i] |
- cpuid_get_reg_unsafe(&emulated, cpuid.reg);
- vcpu->arch.cpu_caps[i] &= cpuid_get_reg_unsafe(entry, cpuid.reg);
+ common->arch.cpu_caps[i] = kvm_cpu_caps[i] |
+ cpuid_get_reg_unsafe(&emulated, cpuid.reg);
+ common->arch.cpu_caps[i] &= cpuid_get_reg_unsafe(entry, cpuid.reg);
}
kvm_update_cpuid_runtime(vcpu);
@@ -428,7 +428,7 @@ void kvm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
*/
allow_gbpages = tdp_enabled ? boot_cpu_has(X86_FEATURE_GBPAGES) :
guest_cpu_cap_has(vcpu, X86_FEATURE_GBPAGES);
- guest_cpu_cap_change(vcpu, X86_FEATURE_GBPAGES, allow_gbpages);
+ guest_cpu_cap_change(common, X86_FEATURE_GBPAGES, allow_gbpages);
best = kvm_find_cpuid_entry(vcpu, 1);
if (best && apic) {
@@ -536,8 +536,8 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
swap(common->arch.cpuid_entries, e2);
swap(common->arch.cpuid_nent, nent);
- memcpy(vcpu_caps, vcpu->arch.cpu_caps, sizeof(vcpu_caps));
- BUILD_BUG_ON(sizeof(vcpu_caps) != sizeof(vcpu->arch.cpu_caps));
+ memcpy(vcpu_caps, common->arch.cpu_caps, sizeof(vcpu_caps));
+ BUILD_BUG_ON(sizeof(vcpu_caps) != sizeof(common->arch.cpu_caps));
/*
* KVM does not correctly handle changing guest CPUID after KVM_RUN or
@@ -582,7 +582,7 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
return 0;
err:
- memcpy(vcpu->arch.cpu_caps, vcpu_caps, sizeof(vcpu_caps));
+ memcpy(common->arch.cpu_caps, vcpu_caps, sizeof(vcpu_caps));
swap(common->arch.cpuid_entries, e2);
swap(common->arch.cpuid_nent, nent);
return r;
diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h
index 143ea8531611..75abf447eabf 100644
--- a/arch/x86/kvm/cpuid.h
+++ b/arch/x86/kvm/cpuid.h
@@ -239,36 +239,37 @@ static __always_inline bool guest_pv_has(struct kvm_vcpu *vcpu,
return vcpu->arch.pv_cpuid.features & (1u << kvm_feature);
}
-static __always_inline void guest_cpu_cap_set(struct kvm_vcpu *vcpu,
+static __always_inline void guest_cpu_cap_set(struct kvm_vcpu_common *common,
unsigned int x86_feature)
{
unsigned int x86_leaf = __feature_leaf(x86_feature);
- vcpu->arch.cpu_caps[x86_leaf] |= __feature_bit(x86_feature);
+ common->arch.cpu_caps[x86_leaf] |= __feature_bit(x86_feature);
}
-static __always_inline void guest_cpu_cap_clear(struct kvm_vcpu *vcpu,
+static __always_inline void guest_cpu_cap_clear(struct kvm_vcpu_common *common,
unsigned int x86_feature)
{
unsigned int x86_leaf = __feature_leaf(x86_feature);
- vcpu->arch.cpu_caps[x86_leaf] &= ~__feature_bit(x86_feature);
+ common->arch.cpu_caps[x86_leaf] &= ~__feature_bit(x86_feature);
}
-static __always_inline void guest_cpu_cap_change(struct kvm_vcpu *vcpu,
+static __always_inline void guest_cpu_cap_change(struct kvm_vcpu_common *common,
unsigned int x86_feature,
bool guest_has_cap)
{
if (guest_has_cap)
- guest_cpu_cap_set(vcpu, x86_feature);
+ guest_cpu_cap_set(common, x86_feature);
else
- guest_cpu_cap_clear(vcpu, x86_feature);
+ guest_cpu_cap_clear(common, x86_feature);
}
static __always_inline bool guest_cpu_cap_has(struct kvm_vcpu *vcpu,
unsigned int x86_feature)
{
unsigned int x86_leaf = __feature_leaf(x86_feature);
+ struct kvm_vcpu_common *common = vcpu->common;
/*
* Except for MWAIT, querying dynamic feature bits is disallowed, so
@@ -278,7 +279,7 @@ static __always_inline bool guest_cpu_cap_has(struct kvm_vcpu *vcpu,
x86_feature == X86_FEATURE_OSXSAVE ||
x86_feature == X86_FEATURE_OSPKE);
- return vcpu->arch.cpu_caps[x86_leaf] & __feature_bit(x86_feature);
+ return common->arch.cpu_caps[x86_leaf] & __feature_bit(x86_feature);
}
static inline bool kvm_vcpu_is_legal_cr3(struct kvm_vcpu *vcpu, unsigned long cr3)
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 612db7ad8b2a..0b57dde29e40 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -4706,7 +4706,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
* XSS on VM-Enter/VM-Exit. Failure to do so would effectively give
* the guest read/write access to the host's XSS.
*/
- guest_cpu_cap_change(vcpu, X86_FEATURE_XSAVES,
+ guest_cpu_cap_change(vcpu->common, X86_FEATURE_XSAVES,
boot_cpu_has(X86_FEATURE_XSAVES) &&
guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVE));
@@ -4716,7 +4716,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
* SVM on Intel is bonkers and extremely unlikely to work).
*/
if (guest_cpuid_is_intel_compatible(vcpu))
- guest_cpu_cap_clear(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD);
+ guest_cpu_cap_clear(vcpu->common, X86_FEATURE_V_VMSAVE_VMLOAD);
if (is_sev_guest(vcpu))
sev_vcpu_after_set_cpuid(svm);
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 62e180651143..d10aa5f60cad 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -7994,7 +7994,7 @@ void vmx_vcpu_after_set_cpuid(struct kvm_vcpu *vcpu)
* set if and only if XSAVE is supported.
*/
if (!guest_cpu_cap_has(vcpu, X86_FEATURE_XSAVE))
- guest_cpu_cap_clear(vcpu, X86_FEATURE_XSAVES);
+ guest_cpu_cap_clear(vcpu->common, X86_FEATURE_XSAVES);
vmx_setup_uret_msrs(vmx);
--
2.53.0
^ permalink raw reply related
* [PATCH 30/60] kvm: Add KVM_EXIT_PLANE_EVENT
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Paolo Bonzini <pbonzini@redhat.com>
Add a new exit-type to KVM for telling user-space that a plane-vcpu is
missing. Create a helper which fills out the kvm_run exit structure.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 2 ++
include/uapi/linux/kvm.h | 10 ++++++++++
virt/kvm/kvm_main.c | 12 ++++++++++++
3 files changed, 24 insertions(+)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 3ecd472c7cfa..90b97137840e 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -1649,6 +1649,8 @@ void kvm_arch_vcpu_blocking(struct kvm_vcpu *vcpu);
void kvm_arch_vcpu_unblocking(struct kvm_vcpu *vcpu);
bool kvm_vcpu_wake_up(struct kvm_vcpu *vcpu);
+int kvm_request_create_plane(struct kvm_vcpu *vcpu, unsigned plane, u64 apic_id);
+
#ifndef CONFIG_S390
void __kvm_vcpu_kick(struct kvm_vcpu *vcpu, bool wait);
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 24e34b8e4819..a88d987c7882 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -146,6 +146,13 @@ struct kvm_exit_snp_req_certs {
__u64 ret;
};
+struct kvm_plane_event_exit {
+#define KVM_PLANE_EVENT_CREATE_VCPU 1
+ __u32 cause;
+ __u32 plane;
+ __u64 extra[8];
+};
+
#define KVM_S390_GET_SKEYS_NONE 1
#define KVM_S390_SKEYS_MAX 1048576
@@ -193,6 +200,7 @@ struct kvm_exit_snp_req_certs {
#define KVM_EXIT_ARM_SEA 41
#define KVM_EXIT_ARM_LDST64B 42
#define KVM_EXIT_SNP_REQ_CERTS 43
+#define KVM_EXIT_PLANE_EVENT 44
/* For KVM_EXIT_INTERNAL_ERROR */
/* Emulate instruction failed. */
@@ -497,6 +505,8 @@ struct kvm_run {
} arm_sea;
/* KVM_EXIT_SNP_REQ_CERTS */
struct kvm_exit_snp_req_certs snp_req_certs;
+ /* KVM_EXIT_PLANE_EVENT */
+ struct kvm_plane_event_exit plane_event;
/* Fix the size of the union. */
char padding[256];
};
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 03a44ff62f0f..f0f78bb74e51 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3973,6 +3973,18 @@ bool kvm_vcpu_wake_up(struct kvm_vcpu *vcpu)
}
EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_vcpu_wake_up);
+int kvm_request_create_plane(struct kvm_vcpu *vcpu, unsigned plane, u64 apic_id)
+{
+ vcpu->run->exit_reason = KVM_EXIT_PLANE_EVENT;
+ memset(&vcpu->run->plane_event, 0, sizeof(vcpu->run->plane_event));
+ vcpu->run->plane_event.cause = KVM_PLANE_EVENT_CREATE_VCPU;
+ vcpu->run->plane_event.plane = plane;
+ vcpu->run->plane_event.extra[0] = apic_id;
+
+ return 0;
+}
+EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_request_create_plane);
+
#ifndef CONFIG_S390
/*
* Kick a sleeping VCPU, or a guest VCPU in guest mode, into host kernel mode.
--
2.53.0
^ permalink raw reply related
* [PATCH 31/60] kvm: Allocate struct kvm_plane in architecture code
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Move plane allocation to architecture code so that per-arch
implementations can embed the structure into another one for keeping
additional data.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/arm64/kvm/arm.c | 13 +++++++++++++
arch/loongarch/kvm/vm.c | 13 +++++++++++++
arch/mips/kvm/mips.c | 13 +++++++++++++
arch/powerpc/kvm/powerpc.c | 13 +++++++++++++
arch/riscv/kvm/main.c | 13 +++++++++++++
arch/s390/kvm/kvm-s390.c | 13 +++++++++++++
arch/x86/kvm/x86.c | 13 +++++++++++++
include/linux/kvm_host.h | 2 ++
virt/kvm/kvm_main.c | 6 +++---
9 files changed, 96 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 7e6d2773fd39..d7a4b9b239dc 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -205,6 +205,19 @@ unsigned kvm_arch_max_planes(struct kvm *kvm)
return 1;
}
+struct kvm_plane *kvm_alloc_plane(void)
+{
+ /* For better type checking, do not return kzalloc() value directly */
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ return plane;
+}
+
+void kvm_free_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
/**
* kvm_arch_init_vm - initializes a VM data structure
* @kvm: pointer to the KVM struct
diff --git a/arch/loongarch/kvm/vm.c b/arch/loongarch/kvm/vm.c
index 14f1232c6e0c..e4d2814b717d 100644
--- a/arch/loongarch/kvm/vm.c
+++ b/arch/loongarch/kvm/vm.c
@@ -114,6 +114,19 @@ unsigned kvm_arch_max_planes(struct kvm *kvm)
return 1;
}
+struct kvm_plane *kvm_alloc_plane(void)
+{
+ /* For better type checking, do not return kzalloc() value directly */
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ return plane;
+}
+
+void kvm_free_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
{
int r;
diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c
index 60870452119d..e22d2a267e03 100644
--- a/arch/mips/kvm/mips.c
+++ b/arch/mips/kvm/mips.c
@@ -120,6 +120,19 @@ unsigned kvm_arch_max_planes(struct kvm *kvm)
return 1;
}
+struct kvm_plane *kvm_alloc_plane(void)
+{
+ /* For better type checking, do not return kzalloc() value directly */
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ return plane;
+}
+
+void kvm_free_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
bool kvm_arch_vcpu_in_kernel(struct kvm_vcpu *vcpu)
{
return false;
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index cfa40be20e00..35658cded0cb 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -504,6 +504,19 @@ unsigned kvm_arch_max_planes(struct kvm *kvm)
return 1;
}
+struct kvm_plane *kvm_alloc_plane(void)
+{
+ /* For better type checking, do not return kzalloc() value directly */
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ return plane;
+}
+
+void kvm_free_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
{
int r;
diff --git a/arch/riscv/kvm/main.c b/arch/riscv/kvm/main.c
index 5adba3a455a3..46834b2ddfae 100644
--- a/arch/riscv/kvm/main.c
+++ b/arch/riscv/kvm/main.c
@@ -22,6 +22,19 @@ unsigned kvm_arch_max_planes(struct kvm *kvm)
return 1;
}
+struct kvm_plane *kvm_alloc_plane(void)
+{
+ /* For better type checking, do not return kzalloc() value directly */
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ return plane;
+}
+
+void kvm_free_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
static void kvm_riscv_setup_vendor_features(void)
{
/* Andes AX66: split two-stage TLBs */
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 24f24ea95f86..94c40b2aa759 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -3191,6 +3191,19 @@ unsigned kvm_arch_max_planes(struct kvm *kvm)
return 1;
}
+struct kvm_plane *kvm_alloc_plane(void)
+{
+ /* For better type checking, do not return kzalloc() value directly */
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ return plane;
+}
+
+void kvm_free_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
void kvm_arch_free_vm(struct kvm *kvm)
{
if (IS_ENABLED(CONFIG_VFIO_PCI_ZDEV_KVM))
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 25299c8c28e3..d6bf0425525c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -487,6 +487,19 @@ unsigned kvm_arch_max_planes(struct kvm *kvm)
return 1;
}
+struct kvm_plane *kvm_alloc_plane(void)
+{
+ /* For better type checking, do not return kzalloc() value directly */
+ struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+
+ return plane;
+}
+
+void kvm_free_plane(struct kvm_plane *plane)
+{
+ kfree(plane);
+}
+
/*
* All feature MSRs except uCode revID, which tracks the currently loaded uCode
* patch, are immutable once the vCPU model is defined.
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 90b97137840e..55e3e9046975 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -1157,6 +1157,8 @@ void vcpu_load(struct kvm_vcpu *vcpu);
void vcpu_put(struct kvm_vcpu *vcpu);
unsigned kvm_arch_max_planes(struct kvm *kvm);
+struct kvm_plane *kvm_alloc_plane(void);
+void kvm_free_plane(struct kvm_plane *plane);
#ifdef CONFIG_KVM_IOAPIC
void kvm_arch_post_irq_ack_notifier_list_update(struct kvm *kvm);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index f0f78bb74e51..4f2c8f46a0d3 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1209,7 +1209,7 @@ static void kvm_disable_virtualization(void);
static struct kvm_plane *kvm_create_plane(struct kvm *kvm, unsigned plane_level)
{
- struct kvm_plane *plane = kzalloc(sizeof(*plane), GFP_KERNEL_ACCOUNT);
+ struct kvm_plane *plane = kvm_alloc_plane();
if (!plane)
return NULL;
@@ -1227,7 +1227,7 @@ static struct kvm_plane *kvm_create_plane(struct kvm *kvm, unsigned plane_level)
return plane;
out_free_plane:
- kfree(plane);
+ kvm_free_plane(plane);
return NULL;
}
@@ -1235,7 +1235,7 @@ static struct kvm_plane *kvm_create_plane(struct kvm *kvm, unsigned plane_level)
static void kvm_destroy_one_plane(struct kvm_plane *plane)
{
kvm_arch_plane_destroy(plane);
- kfree(plane);
+ kvm_free_plane(plane);
}
static void kvm_destroy_planes(struct kvm *kvm)
--
2.53.0
^ permalink raw reply related
* [PATCH 45/60] kvm: x86: Update state for all plane VCPUs after CPUID update
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Make sure to update CPUID dependent state for all VCPUs of a given
plane when CPUID state is updated.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/kvm/cpuid.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 27e2f7e25038..fab075bb6fdc 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -513,6 +513,8 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
{
struct kvm_vcpu_common *common = vcpu->common;
u32 vcpu_caps[NR_KVM_CPU_CAPS];
+ struct kvm_vcpu *v;
+ unsigned i;
int r;
/*
@@ -562,9 +564,11 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
#ifdef CONFIG_KVM_HYPERV
if (kvm_cpuid_has_hyperv(vcpu)) {
- r = kvm_hv_vcpu_init(vcpu);
- if (r)
- goto err;
+ vcpu_for_each_plane(common, i, v) {
+ r = kvm_hv_vcpu_init(vcpu);
+ if (r)
+ goto err;
+ }
}
#endif
@@ -572,10 +576,12 @@ static int kvm_set_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid_entry2 *e2,
if (r)
goto err;
+ vcpu_for_each_plane(vcpu->common, i, v) {
#ifdef CONFIG_KVM_XEN
- vcpu->arch.xen.cpuid = kvm_get_hypervisor_cpuid(vcpu, XEN_SIGNATURE);
+ v->arch.xen.cpuid = kvm_get_hypervisor_cpuid(vcpu, XEN_SIGNATURE);
#endif
- kvm_vcpu_after_set_cpuid(vcpu);
+ kvm_vcpu_after_set_cpuid(v);
+ }
success:
kvfree(e2);
--
2.53.0
^ permalink raw reply related
* [PATCH 17/60] kvm: Move VCPU locking to struct kvm_vcpu_common
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Fields in struct kvm_vcpu which are protected by these locks is going
to move to struct kvm_vcpu_common. So move the locks as well.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
include/linux/kvm_host.h | 31 +++++++++++++++++--------------
virt/kvm/kvm_main.c | 3 ++-
2 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 611bba515ac0..c8085c23e18e 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -330,6 +330,13 @@ struct kvm_vcpu_common {
/* Currently active VCPU */
struct kvm_vcpu *current_vcpu;
+ /* Locks */
+ int ____srcu_idx; /* Don't use this directly. You've been warned. */
+#ifdef CONFIG_PROVE_RCU
+ int srcu_depth;
+#endif
+ struct mutex mutex;
+
/* Scheduling state */
#ifdef CONFIG_PREEMPT_NOTIFIERS
struct preempt_notifier preempt_notifier;
@@ -347,15 +354,11 @@ struct kvm_vcpu {
int cpu;
int vcpu_id; /* id given by userspace at creation */
int vcpu_idx; /* index into kvm->planes[]->vcpu_array */
- int ____srcu_idx; /* Don't use this directly. You've been warned. */
-#ifdef CONFIG_PROVE_RCU
- int srcu_depth;
-#endif
+
int mode;
u64 requests;
unsigned long guest_debug;
- struct mutex mutex;
struct kvm_run *run;
#ifndef __KVM_HAVE_ARCH_WQP
@@ -1001,35 +1004,35 @@ static inline void kvm_vm_bugged(struct kvm *kvm)
static inline void kvm_vcpu_lock(struct kvm_vcpu *vcpu)
{
- mutex_lock(&vcpu->mutex);
+ mutex_lock(&vcpu->common->mutex);
}
static inline void kvm_vcpu_unlock(struct kvm_vcpu *vcpu)
{
- mutex_unlock(&vcpu->mutex);
+ mutex_unlock(&vcpu->common->mutex);
}
static inline struct mutex *kvm_vcpu_mutex(struct kvm_vcpu *vcpu)
{
- return &vcpu->mutex;
+ return &vcpu->common->mutex;
}
static inline void kvm_vcpu_srcu_read_lock(struct kvm_vcpu *vcpu)
{
#ifdef CONFIG_PROVE_RCU
- WARN_ONCE(vcpu->srcu_depth++,
- "KVM: Illegal vCPU srcu_idx LOCK, depth=%d", vcpu->srcu_depth - 1);
+ WARN_ONCE(vcpu->common->srcu_depth++,
+ "KVM: Illegal vCPU srcu_idx LOCK, depth=%d", vcpu->common->srcu_depth - 1);
#endif
- vcpu->____srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
+ vcpu->common->____srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
}
static inline void kvm_vcpu_srcu_read_unlock(struct kvm_vcpu *vcpu)
{
- srcu_read_unlock(&vcpu->kvm->srcu, vcpu->____srcu_idx);
+ srcu_read_unlock(&vcpu->kvm->srcu, vcpu->common->____srcu_idx);
#ifdef CONFIG_PROVE_RCU
- WARN_ONCE(--vcpu->srcu_depth,
- "KVM: Illegal vCPU srcu_idx UNLOCK, depth=%d", vcpu->srcu_depth);
+ WARN_ONCE(--vcpu->common->srcu_depth,
+ "KVM: Illegal vCPU srcu_idx UNLOCK, depth=%d", vcpu->common->srcu_depth);
#endif
}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index d6975a5c60b4..9accca10c249 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -466,6 +466,8 @@ static int kvm_vcpu_init_common(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned
common->vcpu_idx = atomic_read(&kvm->online_vcpus);
+ mutex_init(&common->mutex);
+
common->kvm = kvm;
common->current_vcpu = vcpu;
@@ -500,7 +502,6 @@ static void kvm_vcpu_finish_common(struct kvm_vcpu *vcpu)
static void kvm_vcpu_init(struct kvm_vcpu *vcpu, struct kvm *kvm, unsigned id)
{
- mutex_init(&vcpu->mutex);
vcpu->cpu = -1;
vcpu->kvm = kvm;
vcpu->plane = kvm->planes[0];
--
2.53.0
^ permalink raw reply related
* [PATCH 16/60] kvm: Add accessors for kvm_vcpu->mutex
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Use accessors to manage the mutex so it is easier to move it to
another struct.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/arm64/kvm/arm.c | 4 ++--
arch/arm64/kvm/inject_fault.c | 4 ++--
arch/powerpc/kvm/book3s_xics.c | 4 ++--
arch/powerpc/kvm/book3s_xive.c | 4 ++--
arch/powerpc/kvm/book3s_xive_native.c | 4 ++--
arch/riscv/kvm/aia_device.c | 4 ++--
arch/s390/kvm/interrupt.c | 8 ++++----
arch/s390/kvm/kvm-s390.c | 8 ++++----
arch/s390/kvm/pv.c | 2 +-
arch/x86/kvm/svm/sev.c | 2 +-
arch/x86/kvm/vmx/nested.h | 4 ++--
arch/x86/kvm/x86.c | 4 ++--
include/linux/kvm_host.h | 15 +++++++++++++++
virt/kvm/kvm_main.c | 24 ++++++++++++------------
14 files changed, 53 insertions(+), 38 deletions(-)
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index de00088c9a80..295d7f19e4de 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -527,10 +527,10 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
#ifdef CONFIG_LOCKDEP
/* Inform lockdep that the config_lock is acquired after vcpu->mutex */
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
mutex_lock(&vcpu->kvm->arch.config_lock);
mutex_unlock(&vcpu->kvm->arch.config_lock);
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
#endif
/* Force users to call KVM_ARM_VCPU_INIT */
diff --git a/arch/arm64/kvm/inject_fault.c b/arch/arm64/kvm/inject_fault.c
index 89982bd3345f..000d94ed7948 100644
--- a/arch/arm64/kvm/inject_fault.c
+++ b/arch/arm64/kvm/inject_fault.c
@@ -248,7 +248,7 @@ static bool kvm_sea_target_is_el2(struct kvm_vcpu *vcpu)
int kvm_inject_sea(struct kvm_vcpu *vcpu, bool iabt, u64 addr)
{
- lockdep_assert_held(&vcpu->mutex);
+ lockdep_assert_held(kvm_vcpu_mutex(vcpu));
if (is_nested_ctxt(vcpu) && kvm_sea_target_is_el2(vcpu))
return kvm_inject_nested_sea(vcpu, iabt, addr);
@@ -367,7 +367,7 @@ static bool kvm_serror_undeliverable_at_el2(struct kvm_vcpu *vcpu)
int kvm_inject_serror_esr(struct kvm_vcpu *vcpu, u64 esr)
{
- lockdep_assert_held(&vcpu->mutex);
+ lockdep_assert_held(kvm_vcpu_mutex(vcpu));
if (is_nested_ctxt(vcpu) && kvm_serror_target_is_el2(vcpu))
return kvm_inject_nested_serror(vcpu, esr);
diff --git a/arch/powerpc/kvm/book3s_xics.c b/arch/powerpc/kvm/book3s_xics.c
index 74a44fa702b0..a9afd9df2690 100644
--- a/arch/powerpc/kvm/book3s_xics.c
+++ b/arch/powerpc/kvm/book3s_xics.c
@@ -1361,9 +1361,9 @@ static void kvmppc_xics_release(struct kvm_device *dev)
* have been cleared and the vcpu will not be going into the
* XICS code anymore.
*/
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
kvmppc_xics_free_icp(vcpu);
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
if (kvm)
diff --git a/arch/powerpc/kvm/book3s_xive.c b/arch/powerpc/kvm/book3s_xive.c
index 1d67237783b7..e0c68e86f951 100644
--- a/arch/powerpc/kvm/book3s_xive.c
+++ b/arch/powerpc/kvm/book3s_xive.c
@@ -2668,9 +2668,9 @@ static void kvmppc_xive_release(struct kvm_device *dev)
* be executing the XIVE push or pull code or accessing
* the XIVE MMIO regions.
*/
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
kvmppc_xive_cleanup_vcpu(vcpu);
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
/*
diff --git a/arch/powerpc/kvm/book3s_xive_native.c b/arch/powerpc/kvm/book3s_xive_native.c
index 728b5606dd14..40e93ac5fc2f 100644
--- a/arch/powerpc/kvm/book3s_xive_native.c
+++ b/arch/powerpc/kvm/book3s_xive_native.c
@@ -1052,9 +1052,9 @@ static void kvmppc_xive_native_release(struct kvm_device *dev)
* be executing the XIVE push or pull code or accessing
* the XIVE MMIO regions.
*/
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
kvmppc_xive_native_cleanup_vcpu(vcpu);
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
/*
diff --git a/arch/riscv/kvm/aia_device.c b/arch/riscv/kvm/aia_device.c
index 3d1e81e2a36b..d98c8fddc89d 100644
--- a/arch/riscv/kvm/aia_device.c
+++ b/arch/riscv/kvm/aia_device.c
@@ -181,12 +181,12 @@ static int aia_imsic_addr(struct kvm *kvm, u64 *addr,
return -EINVAL;
}
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
if (write)
vcpu_aia->imsic_addr = *addr;
else
*addr = vcpu_aia->imsic_addr;
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
return 0;
}
diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index 3bcdbbbb6891..1d66ef9f7527 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -3176,12 +3176,12 @@ void kvm_s390_gisa_enable(struct kvm *kvm)
if (!gisa_desc)
return;
kvm_for_each_vcpu(i, vcpu, kvm) {
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
vcpu->arch.sie_block->gd = gisa_desc;
vcpu->arch.sie_block->eca |= ECA_AIV;
VCPU_EVENT(vcpu, 3, "AIV gisa format-%u enabled for cpu %03u",
vcpu->arch.sie_block->gd & 0x3, vcpu->vcpu_id);
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
}
@@ -3212,10 +3212,10 @@ void kvm_s390_gisa_disable(struct kvm *kvm)
if (!gi->origin)
return;
kvm_for_each_vcpu(i, vcpu, kvm) {
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
vcpu->arch.sie_block->eca &= ~ECA_AIV;
vcpu->arch.sie_block->gd = 0U;
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
VCPU_EVENT(vcpu, 3, "AIV disabled for cpu %03u", vcpu->vcpu_id);
}
kvm_s390_gisa_destroy(kvm);
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 8401bcad1f37..e6fe83da172f 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -2360,13 +2360,13 @@ int kvm_s390_cpus_from_pv(struct kvm *kvm, u16 *rc, u16 *rrc)
* We want to return the first failure rc and rrc, though.
*/
kvm_for_each_vcpu(i, vcpu, kvm) {
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
if (kvm_s390_pv_destroy_cpu(vcpu, &_rc, &_rrc) && !ret) {
*rc = _rc;
*rrc = _rrc;
ret = -EIO;
}
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
/* Ensure that we re-enable gisa if the non-PV guest used it but the PV guest did not. */
if (use_gisa)
@@ -2398,9 +2398,9 @@ static int kvm_s390_cpus_to_pv(struct kvm *kvm, u16 *rc, u16 *rrc)
kvm_s390_gisa_disable(kvm);
kvm_for_each_vcpu(i, vcpu, kvm) {
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
r = kvm_s390_pv_create_cpu(vcpu, rc, rrc);
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
if (r)
break;
}
diff --git a/arch/s390/kvm/pv.c b/arch/s390/kvm/pv.c
index 4b865e75351c..4661cbf28199 100644
--- a/arch/s390/kvm/pv.c
+++ b/arch/s390/kvm/pv.c
@@ -33,7 +33,7 @@ EXPORT_SYMBOL_GPL(kvm_s390_pv_is_protected);
bool kvm_s390_pv_cpu_is_protected(struct kvm_vcpu *vcpu)
{
- lockdep_assert_held(&vcpu->mutex);
+ lockdep_assert_held(kvm_vcpu_mutex(vcpu));
return !!kvm_s390_pv_cpu_get_handle(vcpu);
}
EXPORT_SYMBOL_GPL(kvm_s390_pv_cpu_is_protected);
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index d04f71836ef7..a23dcb081751 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -938,7 +938,7 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm)
u8 *d;
int i;
- lockdep_assert_held(&vcpu->mutex);
+ lockdep_assert_held(kvm_vcpu_mutex(vcpu));
if (vcpu->arch.guest_state_protected)
return -EINVAL;
diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h
index 213a448104af..7677dff127f1 100644
--- a/arch/x86/kvm/vmx/nested.h
+++ b/arch/x86/kvm/vmx/nested.h
@@ -57,7 +57,7 @@ bool nested_vmx_check_io_bitmaps(struct kvm_vcpu *vcpu, unsigned int port,
static inline struct vmcs12 *get_vmcs12(struct kvm_vcpu *vcpu)
{
- lockdep_assert_once(lockdep_is_held(&vcpu->mutex) ||
+ lockdep_assert_once(lockdep_is_held(kvm_vcpu_mutex(vcpu)) ||
!refcount_read(&vcpu->kvm->users_count));
return to_vmx(vcpu)->nested.cached_vmcs12;
@@ -65,7 +65,7 @@ static inline struct vmcs12 *get_vmcs12(struct kvm_vcpu *vcpu)
static inline struct vmcs12 *get_shadow_vmcs12(struct kvm_vcpu *vcpu)
{
- lockdep_assert_once(lockdep_is_held(&vcpu->mutex) ||
+ lockdep_assert_once(lockdep_is_held(kvm_vcpu_mutex(vcpu)) ||
!refcount_read(&vcpu->kvm->users_count));
return to_vmx(vcpu)->nested.cached_shadow_vmcs12;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 6355fe7f546f..2a87359cf42f 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -12941,7 +12941,7 @@ int kvm_arch_vcpu_create(struct kvm_vcpu *vcpu)
void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu)
{
- if (mutex_lock_killable(&vcpu->mutex))
+ if (mutex_lock_killable(kvm_vcpu_mutex(vcpu)))
return;
vcpu_load(vcpu);
kvm_synchronize_tsc(vcpu, NULL);
@@ -12950,7 +12950,7 @@ void kvm_arch_vcpu_postcreate(struct kvm_vcpu *vcpu)
/* poll control enabled by default */
vcpu->arch.msr_kvm_poll_control = 1;
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
void kvm_arch_vcpu_destroy(struct kvm_vcpu *vcpu)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index a6aacd507c02..611bba515ac0 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -999,6 +999,21 @@ static inline void kvm_vm_bugged(struct kvm *kvm)
unlikely(__ret); \
})
+static inline void kvm_vcpu_lock(struct kvm_vcpu *vcpu)
+{
+ mutex_lock(&vcpu->mutex);
+}
+
+static inline void kvm_vcpu_unlock(struct kvm_vcpu *vcpu)
+{
+ mutex_unlock(&vcpu->mutex);
+}
+
+static inline struct mutex *kvm_vcpu_mutex(struct kvm_vcpu *vcpu)
+{
+ return &vcpu->mutex;
+}
+
static inline void kvm_vcpu_srcu_read_lock(struct kvm_vcpu *vcpu)
{
#ifdef CONFIG_PROVE_RCU
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index a44f8dc8418a..d6975a5c60b4 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1499,7 +1499,7 @@ int kvm_trylock_all_vcpus(struct kvm *kvm)
lockdep_assert_held(&kvm->lock);
kvm_for_each_vcpu(i, vcpu, kvm)
- if (!mutex_trylock_nest_lock(&vcpu->mutex, &kvm->lock))
+ if (!mutex_trylock_nest_lock(kvm_vcpu_mutex(vcpu), &kvm->lock))
goto out_unlock;
return 0;
@@ -1507,7 +1507,7 @@ int kvm_trylock_all_vcpus(struct kvm *kvm)
kvm_for_each_vcpu(j, vcpu, kvm) {
if (i == j)
break;
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
return -EINTR;
}
@@ -1522,7 +1522,7 @@ int kvm_lock_all_vcpus(struct kvm *kvm)
lockdep_assert_held(&kvm->lock);
kvm_for_each_vcpu(i, vcpu, kvm) {
- r = mutex_lock_killable_nest_lock(&vcpu->mutex, &kvm->lock);
+ r = mutex_lock_killable_nest_lock(kvm_vcpu_mutex(vcpu), &kvm->lock);
if (r)
goto out_unlock;
}
@@ -1532,7 +1532,7 @@ int kvm_lock_all_vcpus(struct kvm *kvm)
kvm_for_each_vcpu(j, vcpu, kvm) {
if (i == j)
break;
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
return r;
}
@@ -1546,7 +1546,7 @@ void kvm_unlock_all_vcpus(struct kvm *kvm)
lockdep_assert_held(&kvm->lock);
kvm_for_each_vcpu(i, vcpu, kvm)
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
}
EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_unlock_all_vcpus);
@@ -4353,14 +4353,14 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
* vCPU doesn't exist. As a bonus, taking vcpu->mutex ensures lockdep
* knows it's taken *inside* kvm->lock.
*/
- mutex_lock(&vcpu->mutex);
+ kvm_vcpu_lock(vcpu);
kvm_get_kvm(kvm);
r = create_vcpu_fd(vcpu);
if (r < 0)
goto kvm_put_xa_erase;
kvm_vcpu_finish_common(vcpu);
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
mutex_unlock(&kvm->lock);
kvm_arch_vcpu_postcreate(vcpu);
@@ -4368,7 +4368,7 @@ static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, unsigned long id)
return r;
kvm_put_xa_erase:
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
kvm_put_kvm_no_destroy(kvm);
xa_erase(&kvm->planes[0]->vcpu_array, vcpu->vcpu_idx);
unlock_vcpu_destroy:
@@ -4509,10 +4509,10 @@ static int kvm_wait_for_vcpu_online(struct kvm_vcpu *vcpu)
* complete (kvm_vm_ioctl_create_vcpu() holds the mutex until the vCPU
* is fully online).
*/
- if (mutex_lock_killable(&vcpu->mutex))
+ if (mutex_lock_killable(kvm_vcpu_mutex(vcpu)))
return -EINTR;
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
if (WARN_ON_ONCE(!kvm_get_vcpu(kvm, vcpu->vcpu_idx)))
return -EIO;
@@ -4552,7 +4552,7 @@ static long kvm_vcpu_ioctl(struct file *filp,
if (r != -ENOIOCTLCMD)
return r;
- if (mutex_lock_killable(&vcpu->mutex))
+ if (mutex_lock_killable(kvm_vcpu_mutex(vcpu)))
return -EINTR;
switch (ioctl) {
case KVM_RUN: {
@@ -4764,7 +4764,7 @@ static long kvm_vcpu_ioctl(struct file *filp,
r = kvm_arch_vcpu_ioctl(filp, ioctl, arg);
}
out:
- mutex_unlock(&vcpu->mutex);
+ kvm_vcpu_unlock(vcpu);
kfree(fpu);
kfree(kvm_sregs);
return r;
--
2.53.0
^ permalink raw reply related
* [PATCH 59/60] kvm: svm: Implement max_planes x86 operation
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Tom Lendacky <thomas.lendacky@amd.com>
Report the number of VMPL levels supported by SEV-SNP guests.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Co-developed-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/kvm/svm/sev.c | 14 ++++++++++++--
arch/x86/kvm/svm/svm.c | 12 +++++++++++-
arch/x86/kvm/svm/svm.h | 3 +++
3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index b67566fcb69e..528c8bd3e8fc 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -114,6 +114,7 @@ static unsigned long sev_me_mask;
static unsigned int nr_asids;
static unsigned long *sev_asid_bitmap;
static unsigned long *sev_reclaim_asid_bitmap;
+static unsigned int vmpl_levels;
static __always_inline void kvm_lockdep_assert_sev_lock_held(struct kvm *kvm)
{
@@ -3103,6 +3104,9 @@ void __init sev_hardware_setup(void)
/* Set encryption bit location for SEV-ES guests */
sev_enc_bit = ebx & 0x3f;
+ /* Get the number of supported VMPL levels */
+ vmpl_levels = (ebx >> 12) & 0xf;
+
/* Maximum number of encrypted guests supported simultaneously */
max_sev_asid = ecx;
if (!max_sev_asid)
@@ -3217,9 +3221,10 @@ void __init sev_hardware_setup(void)
"disabled",
min_sev_es_asid, max_sev_es_asid);
if (boot_cpu_has(X86_FEATURE_SEV_SNP))
- pr_info("SEV-SNP %s (ASIDs %u - %u)\n",
+ pr_info("SEV-SNP %s (ASIDs %u - %u), VMPL Levels %u\n",
str_enabled_disabled(sev_snp_supported),
- min_snp_asid, max_snp_asid);
+ min_snp_asid, max_snp_asid,
+ vmpl_levels);
sev_enabled = sev_supported;
sev_es_enabled = sev_es_supported;
@@ -5852,3 +5857,8 @@ bool sev_snp_blocked(enum inject_type type, struct kvm_vcpu *vcpu)
return blocked;
}
+
+int sev_snp_max_planes(struct kvm *kvm)
+{
+ return vmpl_levels;
+}
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index 2ae82dc058c9..705063c7f0f0 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -5321,6 +5321,16 @@ static void svm_free_plane(struct kvm_plane *plane)
kfree(svm_plane);
}
+static unsigned svm_max_planes(struct kvm *kvm)
+{
+#ifdef CONFIG_KVM_AMD_SEV
+ if (____sev_snp_guest(kvm))
+ return sev_snp_max_planes(kvm);
+#endif
+
+ return kvm_x86_default_max_planes(kvm);
+}
+
struct kvm_x86_ops svm_x86_ops __initdata = {
.name = KBUILD_MODNAME,
@@ -5465,7 +5475,7 @@ struct kvm_x86_ops svm_x86_ops __initdata = {
.alloc_plane = svm_alloc_plane,
.free_plane = svm_free_plane,
- .max_planes = kvm_x86_default_max_planes,
+ .max_planes = svm_max_planes,
};
/*
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index 7e860f2abafb..7aba2cceb44d 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -1008,6 +1008,8 @@ static inline bool sev_snp_is_rinj_active(struct kvm_vcpu *vcpu)
return is_sev_snp_guest(vcpu) &&
(sev->vmsa_features & SVM_SEV_FEAT_RESTRICTED_INJECTION);
};
+int sev_nr_vcpu_planes(struct kvm *kvm);
+int sev_snp_max_planes(struct kvm *kvm);
#else
static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp)
{
@@ -1051,6 +1053,7 @@ static inline bool sev_snp_inject(enum inject_type type, struct kvm_vcpu *vcpu)
static inline void sev_snp_cancel_injection(struct kvm_vcpu *vcpu) {}
static inline bool sev_snp_blocked(enum inject_type type, struct kvm_vcpu *vcpu) { return false; }
static inline bool sev_snp_is_rinj_active(struct kvm_vcpu *vcpu) { return false; }
+static inline unsigned sev_snp_max_planes(struct kvm *kvm) { return 1; }
#endif
/* vmenter.S */
--
2.53.0
^ permalink raw reply related
* [PATCH 39/60] kvm: Make KVM_SET_GSI_ROUTING per plane
From: Jörg Rödel @ 2026-06-08 14:42 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Joerg Roedel <joerg.roedel@amd.com>
Allow the KVM_SET_GSI_ROUTING on each plane. There is still only one
GSI routing table maintained per VM by the KVM module, the plane this
IOCTL was last issued at will get all GSI interrupts.
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/arm64/kvm/vgic/vgic-irqfd.c | 2 +-
arch/loongarch/kvm/intc/pch_pic.c | 2 +-
arch/powerpc/kvm/mpic.c | 2 +-
arch/riscv/kvm/vm.c | 2 +-
arch/x86/kvm/irq.c | 2 +-
include/linux/kvm_host.h | 3 +-
virt/kvm/irqchip.c | 10 +++--
virt/kvm/kvm_main.c | 62 +++++++++++++++----------------
8 files changed, 44 insertions(+), 41 deletions(-)
diff --git a/arch/arm64/kvm/vgic/vgic-irqfd.c b/arch/arm64/kvm/vgic/vgic-irqfd.c
index 53e5fcc591d7..96981dd29a6e 100644
--- a/arch/arm64/kvm/vgic/vgic-irqfd.c
+++ b/arch/arm64/kvm/vgic/vgic-irqfd.c
@@ -153,7 +153,7 @@ int kvm_vgic_setup_default_irq_routing(struct kvm *kvm)
entries[i].u.irqchip.irqchip = 0;
entries[i].u.irqchip.pin = i;
}
- ret = kvm_set_irq_routing(kvm, entries, nr, 0);
+ ret = kvm_set_irq_routing(kvm, entries, nr, 0, 0);
kfree(entries);
return ret;
}
diff --git a/arch/loongarch/kvm/intc/pch_pic.c b/arch/loongarch/kvm/intc/pch_pic.c
index aa0ed59ae8cf..a0d04ffa8a71 100644
--- a/arch/loongarch/kvm/intc/pch_pic.c
+++ b/arch/loongarch/kvm/intc/pch_pic.c
@@ -423,7 +423,7 @@ static int kvm_setup_default_irq_routing(struct kvm *kvm)
entries[i].u.irqchip.irqchip = 0;
entries[i].u.irqchip.pin = i;
}
- ret = kvm_set_irq_routing(kvm, entries, nr, 0);
+ ret = kvm_set_irq_routing(kvm, entries, nr, 0, 0);
kfree(entries);
return ret;
diff --git a/arch/powerpc/kvm/mpic.c b/arch/powerpc/kvm/mpic.c
index 6b6eba7fbf75..1e493179ee4f 100644
--- a/arch/powerpc/kvm/mpic.c
+++ b/arch/powerpc/kvm/mpic.c
@@ -1646,7 +1646,7 @@ static int mpic_set_default_irq_routing(struct openpic *opp)
if (!routing)
return -ENOMEM;
- kvm_set_irq_routing(opp->kvm, routing, 0, 0);
+ kvm_set_irq_routing(opp->kvm, routing, 0, 0, 0);
kfree(routing);
return 0;
diff --git a/arch/riscv/kvm/vm.c b/arch/riscv/kvm/vm.c
index 6b3c8a0e74e2..bd9ab3240e4f 100644
--- a/arch/riscv/kvm/vm.c
+++ b/arch/riscv/kvm/vm.c
@@ -105,7 +105,7 @@ int kvm_riscv_setup_default_irq_routing(struct kvm *kvm, u32 lines)
ents[i].u.irqchip.irqchip = 0;
ents[i].u.irqchip.pin = i;
}
- rc = kvm_set_irq_routing(kvm, ents, lines, 0);
+ rc = kvm_set_irq_routing(kvm, ents, lines, 0, 0);
kfree(ents);
return rc;
diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c
index d2ecfd54d57a..90e2d2db2123 100644
--- a/arch/x86/kvm/irq.c
+++ b/arch/x86/kvm/irq.c
@@ -576,7 +576,7 @@ static const struct kvm_irq_routing_entry default_routing[] = {
int kvm_setup_default_ioapic_and_pic_routing(struct kvm *kvm)
{
return kvm_set_irq_routing(kvm, default_routing,
- ARRAY_SIZE(default_routing), 0);
+ ARRAY_SIZE(default_routing), 0, 0);
}
int kvm_vm_ioctl_get_irqchip(struct kvm *kvm, struct kvm_irqchip *chip)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 05a10836d92d..3b62fb354267 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -2351,7 +2351,8 @@ bool kvm_arch_can_set_irq_routing(struct kvm *kvm);
int kvm_set_irq_routing(struct kvm *kvm,
const struct kvm_irq_routing_entry *entries,
unsigned nr,
- unsigned flags);
+ unsigned flags,
+ unsigned plane_level);
int kvm_init_irq_routing(struct kvm *kvm);
int kvm_set_routing_entry(struct kvm *kvm,
struct kvm_kernel_irq_routing_entry *e,
diff --git a/virt/kvm/irqchip.c b/virt/kvm/irqchip.c
index a4fea7d8dde6..e0793ae0c719 100644
--- a/virt/kvm/irqchip.c
+++ b/virt/kvm/irqchip.c
@@ -128,7 +128,8 @@ void kvm_free_irq_routing(struct kvm *kvm)
static int setup_routing_entry(struct kvm *kvm,
struct kvm_irq_routing_table *rt,
struct kvm_kernel_irq_routing_entry *e,
- const struct kvm_irq_routing_entry *ue)
+ const struct kvm_irq_routing_entry *ue,
+ unsigned plane_level)
{
struct kvm_kernel_irq_routing_entry *ei;
int r;
@@ -146,7 +147,7 @@ static int setup_routing_entry(struct kvm *kvm,
e->gsi = gsi;
e->type = ue->type;
- r = kvm_set_routing_entry(kvm, e, ue, 0);
+ r = kvm_set_routing_entry(kvm, e, ue, plane_level);
if (r)
return r;
if (e->type == KVM_IRQ_ROUTING_IRQCHIP)
@@ -169,7 +170,8 @@ bool __weak kvm_arch_can_set_irq_routing(struct kvm *kvm)
int kvm_set_irq_routing(struct kvm *kvm,
const struct kvm_irq_routing_entry *ue,
unsigned nr,
- unsigned flags)
+ unsigned flags,
+ unsigned plane_level)
{
struct kvm_irq_routing_table *new, *old;
struct kvm_kernel_irq_routing_entry *e;
@@ -210,7 +212,7 @@ int kvm_set_irq_routing(struct kvm *kvm,
goto free_entry;
break;
}
- r = setup_routing_entry(kvm, new, e, ue);
+ r = setup_routing_entry(kvm, new, e, ue, plane_level);
if (r)
goto free_entry;
++ue;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index dc59f2f9d405..a6d7601c3412 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -4918,6 +4918,34 @@ static long __kvm_plane_ioctl(struct kvm_plane *plane, unsigned int ioctl, unsig
break;
}
#endif
+#ifdef CONFIG_HAVE_KVM_IRQ_ROUTING
+ case KVM_SET_GSI_ROUTING: {
+ void __user *argp = (void __user *)arg;
+ struct kvm_irq_routing routing;
+ struct kvm_irq_routing __user *urouting;
+ struct kvm_irq_routing_entry *entries = NULL;
+
+ if (copy_from_user(&routing, argp, sizeof(routing)))
+ return -EFAULT;
+ if (!kvm_arch_can_set_irq_routing(plane->kvm) ||
+ routing.nr > KVM_MAX_IRQ_ROUTES ||
+ routing.flags)
+ return -EINVAL;
+ if (routing.nr) {
+ urouting = argp;
+ entries = vmemdup_array_user(urouting->entries,
+ routing.nr, sizeof(*entries));
+ if (IS_ERR(entries)) {
+ r = PTR_ERR(entries);
+ return r;
+ }
+ }
+ r = kvm_set_irq_routing(plane->kvm, entries, routing.nr,
+ routing.flags, plane->level);
+ kvfree(entries);
+ break;
+ }
+#endif /* CONFIG_HAVE_KVM_IRQ_ROUTING */
default:
r = -ENOTTY;
}
@@ -5506,6 +5534,9 @@ static long kvm_vm_ioctl(struct file *filp,
case KVM_CREATE_VCPU:
#ifdef CONFIG_HAVE_KVM_MSI
case KVM_SIGNAL_MSI:
+#endif
+#ifdef CONFIG_HAVE_KVM_IRQ_ROUTING
+ case KVM_SET_GSI_ROUTING:
#endif
r = __kvm_plane_ioctl(kvm->planes[0], ioctl, arg);
break;
@@ -5635,37 +5666,6 @@ static long kvm_vm_ioctl(struct file *filp,
break;
}
#endif
-#ifdef CONFIG_HAVE_KVM_IRQ_ROUTING
- case KVM_SET_GSI_ROUTING: {
- struct kvm_irq_routing routing;
- struct kvm_irq_routing __user *urouting;
- struct kvm_irq_routing_entry *entries = NULL;
-
- r = -EFAULT;
- if (copy_from_user(&routing, argp, sizeof(routing)))
- goto out;
- r = -EINVAL;
- if (!kvm_arch_can_set_irq_routing(kvm))
- goto out;
- if (routing.nr > KVM_MAX_IRQ_ROUTES)
- goto out;
- if (routing.flags)
- goto out;
- if (routing.nr) {
- urouting = argp;
- entries = vmemdup_array_user(urouting->entries,
- routing.nr, sizeof(*entries));
- if (IS_ERR(entries)) {
- r = PTR_ERR(entries);
- goto out;
- }
- }
- r = kvm_set_irq_routing(kvm, entries, routing.nr,
- routing.flags);
- kvfree(entries);
- break;
- }
-#endif /* CONFIG_HAVE_KVM_IRQ_ROUTING */
#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
case KVM_SET_MEMORY_ATTRIBUTES: {
struct kvm_memory_attributes attrs;
--
2.53.0
^ permalink raw reply related
* [PATCH 07/60] KVM: SVM: Add support for the SEV-SNP #HV IPI NAE event
From: Jörg Rödel @ 2026-06-08 14:41 UTC (permalink / raw)
To: Paolo Bonzini, Sean Christopherson
Cc: Tom Lendacky, ashish.kalra, michael.roth, nsaenz, anelkz,
James.Bottomley, Melody Wang, kvm, linux-kernel, kvmarm,
loongarch, linux-mips, linuxppc-dev, kvm-riscv, x86, coconut-svsm,
joerg.roedel
In-Reply-To: <20260608144252.351443-1-joro@8bytes.org>
From: Melody Wang <huibo.wang@amd.com>
The #HV IPI NAE event allows the guest to send an IPI to other vCPUs in the
guest when the Restricted Injection feature is enabled. Implement the NAE
event as per GHCB specification.
Co-developed-by: Thomas Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Thomas Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Melody Wang <huibo.wang@amd.com>
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
---
arch/x86/include/uapi/asm/svm.h | 1 +
arch/x86/kvm/lapic.c | 24 +++++++++++++++++++++++-
arch/x86/kvm/lapic.h | 2 ++
arch/x86/kvm/svm/sev.c | 28 ++++++++++++++++++++++++++++
4 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
index d84a13ac4627..d281dd21c540 100644
--- a/arch/x86/include/uapi/asm/svm.h
+++ b/arch/x86/include/uapi/asm/svm.h
@@ -122,6 +122,7 @@
#define SVM_VMGEXIT_HVDB_SET 1
#define SVM_VMGEXIT_HVDB_QUERY 2
#define SVM_VMGEXIT_HVDB_CLEAR 3
+#define SVM_VMGEXIT_HV_IPI 0x80000015ull
#define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018ull
#define SVM_VMGEXIT_SAVIC 0x8000001aull
#define SVM_VMGEXIT_SAVIC_REGISTER_GPA 0
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 4078e624ca66..ab40a2e4ab9d 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -2558,7 +2558,7 @@ static int kvm_lapic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
static int apic_mmio_write(struct kvm_vcpu *vcpu, struct kvm_io_device *this,
gpa_t address, int len, const void *data)
{
- struct kvm_lapic *apic = to_lapic(this);
+ struct kvm_lapic *apic = this ? to_lapic(this) : vcpu->arch.apic;
unsigned int offset = address - apic->base_address;
u32 val;
@@ -3583,3 +3583,25 @@ void kvm_lapic_exit(void)
static_key_deferred_flush(&apic_sw_disabled);
WARN_ON(static_branch_unlikely(&apic_sw_disabled.key));
}
+
+/* Send IPI by writing ICR with MSR write when X2APIC enabled, with mmio write when XAPIC enabled */
+int kvm_xapic_x2apic_send_ipi(struct kvm_vcpu *vcpu, u64 data)
+{
+ u32 icr_msr_addr = APIC_BASE_MSR + (APIC_ICR >> 4);
+ struct kvm_lapic *apic = vcpu->arch.apic;
+ gpa_t gpa = apic->base_address + APIC_ICR;
+
+ if (!kvm_lapic_enabled(vcpu))
+ return 1;
+
+ if (vcpu->arch.apic_base & X2APIC_ENABLE) {
+ if (!kvm_x2apic_msr_write(vcpu, icr_msr_addr, data))
+ return 0;
+ } else {
+ if (!apic_mmio_write(vcpu, NULL, gpa, 4, &data))
+ return 0;
+ }
+
+ return 1;
+}
+EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_xapic_x2apic_send_ipi);
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index 274885af4ebc..afd440c88981 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -156,6 +156,8 @@ int kvm_hv_vapic_msr_read(struct kvm_vcpu *vcpu, u32 msr, u64 *data);
int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len);
void kvm_lapic_exit(void);
+int kvm_xapic_x2apic_send_ipi(struct kvm_vcpu *vcpu, u64 data);
+
u64 kvm_lapic_readable_reg_mask(struct kvm_lapic *apic);
static inline void kvm_lapic_set_irr(int vec, struct kvm_lapic *apic)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 369fb1e36f58..d04f71836ef7 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -35,6 +35,7 @@
#include "svm_ops.h"
#include "cpuid.h"
#include "trace.h"
+#include "lapic.h"
#define GHCB_VERSION_MAX 2ULL
#define GHCB_VERSION_MIN 1ULL
@@ -3538,6 +3539,10 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm)
if (!is_sev_snp_guest(vcpu))
goto vmgexit_err;
break;
+ case SVM_VMGEXIT_HV_IPI:
+ if (!sev_snp_guest(vcpu->kvm))
+ goto vmgexit_err;
+ break;
default:
reason = GHCB_ERR_INVALID_EVENT;
goto vmgexit_err;
@@ -4416,6 +4421,22 @@ static int sev_snp_hv_doorbell_page(struct vcpu_svm *svm)
return 0;
}
+static int sev_snp_hv_ipi(struct vcpu_svm *svm)
+{
+ struct kvm_vcpu *vcpu = &svm->vcpu;
+ u64 icr_info;
+
+ if (!sev_snp_guest(vcpu->kvm))
+ return -EINVAL;
+
+ icr_info = svm->vmcb->control.exit_info_1;
+
+ if (kvm_xapic_x2apic_send_ipi(vcpu, icr_info))
+ return -EINVAL;
+
+ return 0;
+}
+
static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm)
{
struct vmcb_control_area *control = &svm->vmcb->control;
@@ -4698,6 +4719,13 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT);
}
+ ret = 1;
+ break;
+ case SVM_VMGEXIT_HV_IPI:
+ if (sev_snp_hv_ipi(svm)) {
+ ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2);
+ ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT);
+ }
ret = 1;
break;
case SVM_VMGEXIT_UNSUPPORTED_EVENT:
--
2.53.0
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox