KVM: x86: Introduce control_{pre,post}_system_reset ioctl interfaces

Upstream: no In the upcoming patches, we will support for rebooting CSV2 guests. In order to support rebooting CSV2 guest, we will set vcpu->arch.guest_state_protected to false, before VMRUN, so that VMM can initialize vCPU states and VMSA, and then set vcpu->arch.guest_state_protected back to true to bypass unexpected behaviour in KVM. Besides, cache flush is necessary during rebooting a memory encrypted guest. Introduce control_{pre,post}_system_reset ioctl interfaces to support rebooting memory encrypted guests correctly. Signed-off-by: hanliyang <hanliyang@hygon.cn>
2023-08-08 23:47:22 +08:00 · 2023-08-08 23:47:22 +08:00 · a717c0e01d
parent 0d648c30f0
commit a717c0e01d
5 changed files with 33 additions and 1 deletions
--- a/arch/x86/include/asm/kvm-x86-ops.h
+++ b/arch/x86/include/asm/kvm-x86-ops.h
@ -136,6 +136,8 @@ KVM_X86_OP(complete_emulated_msr)
 KVM_X86_OP(vcpu_deliver_sipi_vector)
 KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons);
 KVM_X86_OP_OPTIONAL(vm_attestation)
+KVM_X86_OP_OPTIONAL(control_pre_system_reset)
+KVM_X86_OP_OPTIONAL(control_post_system_reset)

 #undef KVM_X86_OP
 #undef KVM_X86_OP_OPTIONAL
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@ -1752,9 +1752,11 @@ struct kvm_x86_ops {
 	unsigned long (*vcpu_get_apicv_inhibit_reasons)(struct kvm_vcpu *vcpu);

 	/*
-	 * Attestation interface for HYGON CSV guest
+	 * Interfaces for HYGON CSV guest
 	 */
 	int (*vm_attestation)(struct kvm *kvm, unsigned long gpa, unsigned long len);
+	int (*control_pre_system_reset)(struct kvm *kvm);
+	int (*control_post_system_reset)(struct kvm *kvm);
 };

 struct kvm_x86_nested_ops {
--- a/arch/x86/kvm/svm/csv.c
+++ b/arch/x86/kvm/svm/csv.c
@ -973,6 +973,16 @@ bool csv_has_emulated_ghcb_msr(struct kvm *kvm)
 	return true;
 }

+static int csv_control_pre_system_reset(struct kvm *kvm)
+{
+	return 0;
+}
+
+static int csv_control_post_system_reset(struct kvm *kvm)
+{
+	return 0;
+}
+
 void csv_exit(void)
 {
 }
@ -990,4 +1000,6 @@ void __init csv_init(struct kvm_x86_ops *ops)

 	ops->mem_enc_ioctl = csv_mem_enc_ioctl;
 	ops->vm_attestation = csv_vm_attestation;
+	ops->control_pre_system_reset = csv_control_pre_system_reset;
+	ops->control_post_system_reset = csv_control_post_system_reset;
 }
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@ -7121,6 +7121,18 @@ set_pit2_out:
 		r = kvm_vm_ioctl_set_msr_filter(kvm, &filter);
 		break;
 	}
+	case KVM_CONTROL_PRE_SYSTEM_RESET:
+		if (kvm_x86_ops.control_pre_system_reset)
+			r = static_call(kvm_x86_control_pre_system_reset)(kvm);
+		else
+			r = -ENOTTY;
+		break;
+	case KVM_CONTROL_POST_SYSTEM_RESET:
+		if (kvm_x86_ops.control_post_system_reset)
+			r = static_call(kvm_x86_control_post_system_reset)(kvm);
+		else
+			r = -ENOTTY;
+		break;
 	default:
 		r = -ENOTTY;
 	}
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@ -2301,4 +2301,8 @@ struct kvm_csv_receive_update_vmsa {
 	__u32 trans_len;
 };

+/* ioctls for control vm during system reset, currently only for CSV */
+#define KVM_CONTROL_PRE_SYSTEM_RESET	 _IO(KVMIO, 0xe8)
+#define KVM_CONTROL_POST_SYSTEM_RESET	 _IO(KVMIO, 0xe9)
+
 #endif /* __LINUX_KVM_H */