lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 21 Oct 2022 11:59:16 -0700
From:   Vipin Sharma <vipinsh@...gle.com>
To:     vkuznets@...hat.com, seanjc@...gle.com, pbonzini@...hat.com,
        dmatlack@...gle.com, kvm@...r.kernel.org
Cc:     shujunxue@...gle.com, terrytaehyun@...gle.com,
        linux-kernel@...r.kernel.org, Vipin Sharma <vipinsh@...gle.com>
Subject: [RFC PATCH] Add Hyperv extended hypercall support in KVM

Hyperv hypercalls above 0x8000 are called as extended hypercalls as per
Hyperv TLFS. Hypercall 0x8001 is used to enquire about available
hypercalls by guest VMs.

Add support for HvExtCallQueryCapabilities (0x8001) and
HvExtCallGetBootZeroedMemory (0x8002) in KVM.

A guest VM finds availability of HvExtCallQueryCapabilities (0x8001) by
using CPUID.0x40000003.EBX BIT(20). If the bit is set then the guest VM
make hypercall HvExtCallQueryCapabilities (0x8001) to know what all
extended hypercalls are supported by hypervisor.

A userspace VMM can query capability KVM_CAP_HYPERV_EXT_CALL_QUERY to
know which extended hypercalls are supported in KVM. After which the
userspace will enable capabilities for the guest VM.

HvExtCallQueryCapabilities (0x8001) is handled by KVM in kernel,
whereas, HvExtCallGetBootZeroedMemory (0x8002) is passed to userspace
for further action.

Change-Id: Ib3709fadbf11f91be2842c8486bcbe755e09cbea
Signed-off-by: Vipin Sharma <vipinsh@...gle.com>
---

Hi,

This is an RFC patch based on the previous discussion
https://lore.kernel.org/kvm/CAHVum0cbWBXUnJ4s32Yn=TfPXLypv_RRT6LmA_QoBHw3Y+kA7w@mail.gmail.com/#t

Things missing in this RFC patch which I will add when sending proper
patch:
1. Documentation
2. Selftest
3. Multiple smaller patches instead of one.

I also need suggestions regarding KVM_ENABLE_CAP usage in this patch. My
idea is userspace can query to know what all capabilities are supported by KVM
and based on that it can call KVM_ENABLE_CAP to enable only select
capabilities. Also userspace need to enforce hyperv CPUID check by
KVM_CAP_HYPERV_ENFORCE_CPUID to make sure these are enforced (hyperv
default is to accept all, hv_check_hypercall_access()).

Current approach is storing capabilities given by userspace in struct kvm_hv{},
I was not sure which will be good place, struct kvm_hv{} or struct
kvm_vcpu_hv{}.

Thanks
Vipin

 arch/x86/include/asm/hyperv-tlfs.h |  3 ++
 arch/x86/include/asm/kvm_host.h    |  2 ++
 arch/x86/kvm/hyperv.c              | 55 ++++++++++++++++++++++++++++++
 arch/x86/kvm/hyperv.h              |  1 +
 arch/x86/kvm/x86.c                 |  5 +++
 include/asm-generic/hyperv-tlfs.h  |  4 ++-
 include/uapi/linux/kvm.h           |  1 +
 7 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/hyperv-tlfs.h b/arch/x86/include/asm/hyperv-tlfs.h
index 3089ec352743..421279a61a9a 100644
--- a/arch/x86/include/asm/hyperv-tlfs.h
+++ b/arch/x86/include/asm/hyperv-tlfs.h
@@ -158,6 +158,9 @@
 #define HV_SHARED_GPA_BOUNDARY_ACTIVE			BIT(5)
 #define HV_SHARED_GPA_BOUNDARY_BITS			GENMASK(11, 6)
 
+/* Extended hypercalls supported by KVM */
+#define HV_EXT_CALL_QUERY_CAPABILITIES_MASK		BIT(0)
+
 enum hv_isolation_type {
 	HV_ISOLATION_TYPE_NONE	= 0,
 	HV_ISOLATION_TYPE_VBS	= 1,
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 7551b6f9c31c..b1892ea39a23 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1041,6 +1041,8 @@ struct kvm_hv {
 
 	struct hv_partition_assist_pg *hv_pa_pg;
 	struct kvm_hv_syndbg hv_syndbg;
+
+	u64 extended_hypercalls_cap;
 };
 
 struct msr_bitmap_range {
diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
index 0adf4a437e85..5f0b7d8789a8 100644
--- a/arch/x86/kvm/hyperv.c
+++ b/arch/x86/kvm/hyperv.c
@@ -32,6 +32,7 @@
 #include <linux/eventfd.h>
 
 #include <asm/apicdef.h>
+#include <asm/hyperv-tlfs.h>
 #include <trace/events/kvm.h>
 
 #include "trace.h"
@@ -2140,6 +2141,8 @@ static void kvm_hv_hypercall_read_xmm(struct kvm_hv_hcall *hc)
 
 static bool hv_check_hypercall_access(struct kvm_vcpu_hv *hv_vcpu, u16 code)
 {
+	struct kvm_hv *hv;
+
 	if (!hv_vcpu->enforce_cpuid)
 		return true;
 
@@ -2178,6 +2181,14 @@ static bool hv_check_hypercall_access(struct kvm_vcpu_hv *hv_vcpu, u16 code)
 	case HVCALL_SEND_IPI:
 		return hv_vcpu->cpuid_cache.enlightenments_eax &
 			HV_X64_CLUSTER_IPI_RECOMMENDED;
+	case HV_EXT_CALL_QUERY_CAPABILITIES:
+		return hv_vcpu->cpuid_cache.features_ebx &
+				HV_ENABLE_EXTENDED_HYPERCALLS;
+	case HV_EXT_CALL_GET_BOOT_ZEROED_MEMORY:
+		hv = to_kvm_hv(hv_vcpu->vcpu->kvm);
+		return hv->extended_hypercalls_cap &
+			HV_EXT_CAPABILITY_GET_BOOT_ZEROED_MEMORY;
+		break;
 	default:
 		break;
 	}
@@ -2189,6 +2200,7 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
 {
 	struct kvm_vcpu_hv *hv_vcpu = to_hv_vcpu(vcpu);
 	struct kvm_hv_hcall hc;
+	struct kvm_hv *hv;
 	u64 ret = HV_STATUS_SUCCESS;
 
 	/*
@@ -2345,6 +2357,30 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
 				kvm_hv_hypercall_complete_userspace;
 		return 0;
 	}
+	case HV_EXT_CALL_QUERY_CAPABILITIES:
+		if (unlikely(hc.fast)) {
+			ret = HV_STATUS_INVALID_PARAMETER;
+			break;
+		}
+		hv = to_kvm_hv(hv_vcpu->vcpu->kvm);
+		if (kvm_vcpu_write_guest(vcpu, hc.outgpa,
+					 &hv->extended_hypercalls_cap,
+					 sizeof(hv->extended_hypercalls_cap)))
+			ret = HV_STATUS_OPERATION_DENIED;
+		break;
+	case HV_EXT_CALL_GET_BOOT_ZEROED_MEMORY:
+		if (unlikely(hc.fast)) {
+			ret = HV_STATUS_INVALID_PARAMETER;
+			break;
+		}
+		vcpu->run->exit_reason = KVM_EXIT_HYPERV;
+		vcpu->run->hyperv.type = KVM_EXIT_HYPERV_HCALL;
+		vcpu->run->hyperv.u.hcall.input = hc.param;
+		vcpu->run->hyperv.u.hcall.params[0] = hc.ingpa;
+		vcpu->run->hyperv.u.hcall.params[1] = hc.outgpa;
+		vcpu->arch.complete_userspace_io =
+				kvm_hv_hypercall_complete_userspace;
+		return 0;
 	default:
 		ret = HV_STATUS_INVALID_HYPERCALL_CODE;
 		break;
@@ -2494,6 +2530,7 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid,
 
 			ent->ebx |= HV_POST_MESSAGES;
 			ent->ebx |= HV_SIGNAL_EVENTS;
+			ent->ebx |= HV_ENABLE_EXTENDED_HYPERCALLS;
 
 			ent->edx |= HV_X64_HYPERCALL_XMM_INPUT_AVAILABLE;
 			ent->edx |= HV_FEATURE_FREQUENCY_MSRS_AVAILABLE;
@@ -2578,3 +2615,21 @@ int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid,
 
 	return 0;
 }
+
+int kvm_hv_set_ext_call_cap(struct kvm_vcpu *vcpu, uint64_t cap)
+{
+	struct kvm_hv *hv;
+	int r;
+
+	if (cap & ~HV_EXT_CALL_QUERY_CAPABILITIES_MASK)
+		return -EINVAL;
+
+	r = kvm_hv_vcpu_init(vcpu);
+	if (r)
+		return r;
+
+	hv = to_kvm_hv(vcpu->kvm);
+	hv->extended_hypercalls_cap = cap;
+
+	return 0;
+}
diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h
index 1030b1b50552..b92f8abdbf0d 100644
--- a/arch/x86/kvm/hyperv.h
+++ b/arch/x86/kvm/hyperv.h
@@ -150,5 +150,6 @@ int kvm_hv_set_enforce_cpuid(struct kvm_vcpu *vcpu, bool enforce);
 int kvm_vm_ioctl_hv_eventfd(struct kvm *kvm, struct kvm_hyperv_eventfd *args);
 int kvm_get_hv_cpuid(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid,
 		     struct kvm_cpuid_entry2 __user *entries);
+int kvm_hv_set_ext_call_cap(struct kvm_vcpu *vcpu, uint64_t cap);
 
 #endif
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4bd5f8a751de..caca1f537f6d 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -4515,6 +4515,9 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 	case KVM_CAP_X86_NOTIFY_VMEXIT:
 		r = kvm_caps.has_notify_vmexit;
 		break;
+	case KVM_CAP_HYPERV_EXT_CALL_QUERY:
+		r = HV_EXT_CALL_QUERY_CAPABILITIES_MASK;
+		break;
 	default:
 		break;
 	}
@@ -5510,6 +5513,8 @@ static int kvm_vcpu_ioctl_enable_cap(struct kvm_vcpu *vcpu,
 			kvm_update_pv_runtime(vcpu);
 
 		return 0;
+	case KVM_CAP_HYPERV_EXT_CALL_QUERY:
+		return kvm_hv_set_ext_call_cap(vcpu, cap->args[0]);
 	default:
 		return -EINVAL;
 	}
diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h
index fdce7a4cfc6f..15ffc2c5d950 100644
--- a/include/asm-generic/hyperv-tlfs.h
+++ b/include/asm-generic/hyperv-tlfs.h
@@ -162,6 +162,7 @@ struct ms_hyperv_tsc_page {
 
 /* Extended hypercalls */
 #define HV_EXT_CALL_QUERY_CAPABILITIES		0x8001
+#define HV_EXT_CALL_GET_BOOT_ZEROED_MEMORY	0x8002
 #define HV_EXT_CALL_MEMORY_HEAT_HINT		0x8003
 
 #define HV_FLUSH_ALL_PROCESSORS			BIT(0)
@@ -170,7 +171,8 @@ struct ms_hyperv_tsc_page {
 #define HV_FLUSH_USE_EXTENDED_RANGE_FORMAT	BIT(3)
 
 /* Extended capability bits */
-#define HV_EXT_CAPABILITY_MEMORY_COLD_DISCARD_HINT BIT(8)
+#define HV_EXT_CAPABILITY_GET_BOOT_ZEROED_MEMORY	BIT(0)
+#define HV_EXT_CAPABILITY_MEMORY_COLD_DISCARD_HINT	BIT(8)
 
 enum HV_GENERIC_SET_FORMAT {
 	HV_GENERIC_SET_SPARSE_4K,
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 0d5d4419139a..42860137e545 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1178,6 +1178,7 @@ struct kvm_ppc_resize_hpt {
 #define KVM_CAP_S390_ZPCI_OP 221
 #define KVM_CAP_S390_CPU_TOPOLOGY 222
 #define KVM_CAP_DIRTY_LOG_RING_ACQ_REL 223
+#define KVM_CAP_HYPERV_EXT_CALL_QUERY 224
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
-- 
2.38.0.135.g90850a2211-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ