Received: by 2002:a05:7412:bbc7:b0:fc:a2b0:25d7 with SMTP id kh7csp125423rdb; Thu, 1 Feb 2024 04:15:24 -0800 (PST) X-Google-Smtp-Source: AGHT+IHe89Ufow6p9AcfbU+it3DBPe/0qamdM9vtFrzdGP7PljjWygGjZaopCG+eFji0W2BN/3zf X-Received: by 2002:ac8:59cc:0:b0:42a:ad25:21a2 with SMTP id f12-20020ac859cc000000b0042aad2521a2mr8152002qtf.16.1706789723866; Thu, 01 Feb 2024 04:15:23 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706789723; cv=pass; d=google.com; s=arc-20160816; b=eyMWDmRnoVJo8H8i1qUi5fjSBgjJupMynR/R2E4iBomYv854SuQcD7N9A9jGKnQwhP smY0Mucrcxu/CUnQAiMvqVh/YIMntUjczRYPseuJyr455XwwNbH6uUwYea9L9aZV1DuO XTHRS5fJGNNRLVdHx6vqcEafKJrdZx9VYqpAUEMtrSHaA9ocjzqyW7GESE6UsWc2/uB9 o1EoX9oMLTVFqCwoKxEHL/WCKniWjfnY5yCnB1iRAXrqgyp1WDguiOUpbP2iC96MvlS0 rjONWV61bE8IpNoGK9Mi8wrXLvOcPj9PfHu2xYjoZfdmEVvypDmDwa9BFrt8THVzCfK1 3DCg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date:dkim-signature; bh=Ku2c4D3ygz/NS4ujVKalJLCcrPPWT3weXAiV/FJoChU=; fh=rLdj2mDjsYLI/8CxaP2FHX+xijZylByd5SZ8RtWtyNw=; b=UTtponL/7Jv+QDCc0N/cI/vIyrkDOPcBjnwILiFWzuV3PN+s3GG3GQ0PctK1dqzLUK DVHc2aCeGiGpiM6wrR59ETJSb4dLmF5R75rMp+q/uds8YQSUQ5z3ubvNF5I2iin05vxH Ytatq+tsq2OcxMdsYgW2ecKFnjbmluEdDs1XhvfA3Lg0/DQIWvETPm9b2G2fYHyKJ+Jj 2wHGOE5PvxIsPgdBaydhIZNWbcMkfb693tY4aR6jIM4g777tNB6E6poJvYhb1VY0uUbm 3pJ4fQYQFk2a5/Efudzxcib9OF2VC6z8LGwY9mMI6qIson9Gm3GuhMuhvOz3G9fHN2yi LzTg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HHVbXHYz; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-47688-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47688-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Forwarded-Encrypted: i=1; AJvYcCUfXrsmpfmFrRUayikpWDXTOC5L+zunvCf7gNZYW6TagzV7ksgiCajniNLVWCmAsiR35WYmMjRO6Dar+iIwYsjFc8ii7rTzbeTKkKRX0w== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id n15-20020ac85a0f000000b0042a7558938dsi2585201qta.622.2024.02.01.04.15.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Feb 2024 04:15:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-47688-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=HHVbXHYz; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-47688-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-47688-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 81A401C278CF for ; Thu, 1 Feb 2024 06:16:39 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2CC0462A00; Thu, 1 Feb 2024 06:16:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="HHVbXHYz" Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 614D65FB9C; Thu, 1 Feb 2024 06:16:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=134.134.136.20 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706768189; cv=none; b=uHjaCKHjfy6ZxbNOBVD6SbRUxEsOLxMzeko4+DKLMOGXFX5pJZCuV7PHNcWDZY/5qKv2fHHUf1ro+h/OVLldV4/rCAQNJlC+j+Aymy9W4MYzNP/Jng7VGgaFl1yAp1ZsPKaHLttG4WH4Z4zSjKxFuvjfmmAZnnR9PiiNFJmfJQo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706768189; c=relaxed/simple; bh=/CJW5+f/hsgH8Yfkf9jmrhy26uWv39fxhjkF6NFeymk=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=i0S613SGzvvpyp1yIxRYRiWROg+cZ9OPH9dVNcWWAiKpUn/fzPETXfi1leMeEufjYgw9ibqhUwYTEOETH7qWVfPaCJKP9wnvONXGrKAG9KNquXaJ5rpL9z4PTU4bXrLdgegQM08BOBxiiVB7Ixc2BBkvC/fLujaQ95M71lKjygc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=HHVbXHYz; arc=none smtp.client-ip=134.134.136.20 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1706768187; x=1738304187; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=/CJW5+f/hsgH8Yfkf9jmrhy26uWv39fxhjkF6NFeymk=; b=HHVbXHYzJv7Wu64wkK6JvuK3cmrvmrBIwV3HpdHYGCKEvIZCXCLAYmlD pJeESNn+oqfgywjIUzkIUq9JCAtWPzj6ePrXAuYZ5ahEFUvIckG5jsaLf 6buXAsvTfBEpmEZXDAThK2ud4XUiIYjJ5tEhwviOAy498F2oW2gMYyVMK 0oTRzIb3bYbDJq3LWLTMwEZvSmC4N5BTyBLdk+sQrOQaKCnVuhKlisizw aa0cJw29btrntW7RUxymByKSJjERTsNp29qHR+aa/Jz4JLwrEP3E/79BF skqTQF1ZgMHKWMo8EJiKP9+y76uE2kF2+JF/ia+GUxTJwyAawf9Kg9MfJ g==; X-IronPort-AV: E=McAfee;i="6600,9927,10969"; a="394266941" X-IronPort-AV: E=Sophos;i="6.05,234,1701158400"; d="scan'208";a="394266941" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Jan 2024 22:16:26 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,234,1701158400"; d="scan'208";a="4324644" Received: from yy-desk-7060.sh.intel.com (HELO localhost) ([10.239.159.76]) by fmviesa003.fm.intel.com with ESMTP; 31 Jan 2024 22:16:22 -0800 Date: Thu, 1 Feb 2024 14:16:22 +0800 From: Yuan Yao To: Binbin Wu Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com Subject: Re: [PATCH v18 023/121] KVM: TDX: Make KVM_CAP_MAX_VCPUS backend specific Message-ID: <20240201061622.hvun7amakvbplmsb@yy-desk-7060> References: <7cc28677-f7d1-4aba-8557-66c685115074@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7cc28677-f7d1-4aba-8557-66c685115074@linux.intel.com> User-Agent: NeoMutt/20171215 On Wed, Jan 24, 2024 at 09:17:15AM +0800, Binbin Wu wrote: > > > On 1/23/2024 7:52 AM, isaku.yamahata@intel.com wrote: > > From: Isaku Yamahata > > > > TDX has its own limitation on the maximum number of vcpus that the guest > > can accommodate. Allow x86 kvm backend to implement its own KVM_ENABLE_CAP > > handler and implement TDX backend for KVM_CAP_MAX_VCPUS. user space VMM, > > e.g. qemu, can specify its value instead of KVM_MAX_VCPUS. > For legacy VM, KVM just provides the interface to query the max_vcpus. > Why TD needs to provide a interface for userspace to set the limitation? > What's the scenario? I think the reason is TDH.MNG.INIT needs it: TD_PARAMS: MAX_VCPUS: offset: 16 bytes. type: Unsigned 16b Integer. size: 2. Description: Maximum number of VCPUs. May better to clarify this in the commit yet. > > > > > > Signed-off-by: Isaku Yamahata > > --- > > v18: > > - use TDX instead of "x86, tdx" in subject > > - use min(max_vcpu, TDX_MAX_VCPU) instead of > > min3(max_vcpu, KVM_MAX_VCPU, TDX_MAX_VCPU) > > - make "if (KVM_MAX_VCPU) and if (TDX_MAX_VCPU)" into one if statement > > --- > > arch/x86/include/asm/kvm-x86-ops.h | 2 ++ > > arch/x86/include/asm/kvm_host.h | 2 ++ > > arch/x86/kvm/vmx/main.c | 22 ++++++++++++++++++++++ > > arch/x86/kvm/vmx/tdx.c | 29 +++++++++++++++++++++++++++++ > > arch/x86/kvm/vmx/x86_ops.h | 5 +++++ > > arch/x86/kvm/x86.c | 4 ++++ > > 6 files changed, 64 insertions(+) > > > > diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h > > index 943b21b8b106..2f976c0f3116 100644 > > --- a/arch/x86/include/asm/kvm-x86-ops.h > > +++ b/arch/x86/include/asm/kvm-x86-ops.h > > @@ -21,6 +21,8 @@ KVM_X86_OP(hardware_unsetup) > > KVM_X86_OP(has_emulated_msr) > > KVM_X86_OP(vcpu_after_set_cpuid) > > KVM_X86_OP(is_vm_type_supported) > > +KVM_X86_OP_OPTIONAL(max_vcpus); > > +KVM_X86_OP_OPTIONAL(vm_enable_cap) > > KVM_X86_OP(vm_init) > > KVM_X86_OP_OPTIONAL(vm_destroy) > > KVM_X86_OP_OPTIONAL_RET0(vcpu_precreate) > > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h > > index 26f4668b0273..db44a92e5659 100644 > > --- a/arch/x86/include/asm/kvm_host.h > > +++ b/arch/x86/include/asm/kvm_host.h > > @@ -1602,7 +1602,9 @@ struct kvm_x86_ops { > > void (*vcpu_after_set_cpuid)(struct kvm_vcpu *vcpu); > > bool (*is_vm_type_supported)(unsigned long vm_type); > > + int (*max_vcpus)(struct kvm *kvm); > > unsigned int vm_size; > > + int (*vm_enable_cap)(struct kvm *kvm, struct kvm_enable_cap *cap); > > int (*vm_init)(struct kvm *kvm); > > void (*vm_destroy)(struct kvm *kvm); > > diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c > > index 50da807d7aea..4611f305a450 100644 > > --- a/arch/x86/kvm/vmx/main.c > > +++ b/arch/x86/kvm/vmx/main.c > > @@ -6,6 +6,7 @@ > > #include "nested.h" > > #include "pmu.h" > > #include "tdx.h" > > +#include "tdx_arch.h" > > static bool enable_tdx __ro_after_init; > > module_param_named(tdx, enable_tdx, bool, 0444); > > @@ -16,6 +17,17 @@ static bool vt_is_vm_type_supported(unsigned long type) > > (enable_tdx && tdx_is_vm_type_supported(type)); > > } > > +static int vt_max_vcpus(struct kvm *kvm) > > +{ > > + if (!kvm) > > + return KVM_MAX_VCPUS; > > + > > + if (is_td(kvm)) > > + return min(kvm->max_vcpus, TDX_MAX_VCPUS); > > + > > + return kvm->max_vcpus; > > +} > > + > > static int vt_hardware_enable(void) > > { > > int ret; > > @@ -54,6 +66,14 @@ static void vt_hardware_unsetup(void) > > vmx_hardware_unsetup(); > > } > > +static int vt_vm_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap) > > +{ > > + if (is_td(kvm)) > > + return tdx_vm_enable_cap(kvm, cap); > > + > > + return -EINVAL; > > +} > > + > > static int vt_vm_init(struct kvm *kvm) > > { > > if (is_td(kvm)) > > @@ -91,7 +111,9 @@ struct kvm_x86_ops vt_x86_ops __initdata = { > > .has_emulated_msr = vmx_has_emulated_msr, > > .is_vm_type_supported = vt_is_vm_type_supported, > > + .max_vcpus = vt_max_vcpus, > > .vm_size = sizeof(struct kvm_vmx), > > + .vm_enable_cap = vt_vm_enable_cap, > > .vm_init = vt_vm_init, > > .vm_destroy = vmx_vm_destroy, > > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c > > index 8c463407f8a8..876ad7895b88 100644 > > --- a/arch/x86/kvm/vmx/tdx.c > > +++ b/arch/x86/kvm/vmx/tdx.c > > @@ -100,6 +100,35 @@ struct tdx_info { > > /* Info about the TDX module. */ > > static struct tdx_info *tdx_info; > > +int tdx_vm_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap) > > +{ > > + int r; > > + > > + switch (cap->cap) { > > + case KVM_CAP_MAX_VCPUS: { > > + if (cap->flags || cap->args[0] == 0) > > + return -EINVAL; > > + if (cap->args[0] > KVM_MAX_VCPUS || > > + cap->args[0] > TDX_MAX_VCPUS) > > + return -E2BIG; > > + > > + mutex_lock(&kvm->lock); > > + if (kvm->created_vcpus) > > + r = -EBUSY; > > + else { > > + kvm->max_vcpus = cap->args[0]; > > + r = 0; > > + } > > + mutex_unlock(&kvm->lock); > > + break; > > + } > > + default: > > + r = -EINVAL; > > + break; > > + } > > + return r; > > +} > > + > > static int tdx_get_capabilities(struct kvm_tdx_cmd *cmd) > > { > > struct kvm_tdx_capabilities __user *user_caps; > > diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h > > index 6e238142b1e8..3a3be66888da 100644 > > --- a/arch/x86/kvm/vmx/x86_ops.h > > +++ b/arch/x86/kvm/vmx/x86_ops.h > > @@ -139,12 +139,17 @@ int __init tdx_hardware_setup(struct kvm_x86_ops *x86_ops); > > void tdx_hardware_unsetup(void); > > bool tdx_is_vm_type_supported(unsigned long type); > > +int tdx_vm_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap); > > int tdx_vm_ioctl(struct kvm *kvm, void __user *argp); > > #else > > static inline int tdx_hardware_setup(struct kvm_x86_ops *x86_ops) { return -EOPNOTSUPP; } > > static inline void tdx_hardware_unsetup(void) {} > > static inline bool tdx_is_vm_type_supported(unsigned long type) { return false; } > > +static inline int tdx_vm_enable_cap(struct kvm *kvm, struct kvm_enable_cap *cap) > > +{ > > + return -EINVAL; > > +}; > > static inline int tdx_vm_ioctl(struct kvm *kvm, void __user *argp) { return -EOPNOTSUPP; } > > #endif > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > > index dd3a23d56621..a1389ddb1b33 100644 > > --- a/arch/x86/kvm/x86.c > > +++ b/arch/x86/kvm/x86.c > > @@ -4726,6 +4726,8 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) > > break; > > case KVM_CAP_MAX_VCPUS: > > r = KVM_MAX_VCPUS; > > + if (kvm_x86_ops.max_vcpus) > > + r = static_call(kvm_x86_max_vcpus)(kvm); > > break; > > case KVM_CAP_MAX_VCPU_ID: > > r = KVM_MAX_VCPU_IDS; > > @@ -6683,6 +6685,8 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, > > break; > > default: > > r = -EINVAL; > > + if (kvm_x86_ops.vm_enable_cap) > > + r = static_call(kvm_x86_vm_enable_cap)(kvm, cap); > > break; > > } > > return r; > >