On Mon, Aug 26, 2019 at 04:20:49PM +1000, Suraj Jitindar Singh wrote:
> Don't allow hpt (hash page table) guests to act as guest hypervisors and
> thus be able to run nested guests. There is currently no support for
> this, if a nested guest is to be run it must be run at the lowest level.
> Explicitly disallow hash guests from enabling the nested kvm-hv capability
> at the hypervisor level.
>
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@xxxxxxxxx>
> --- > arch/powerpc/kvm/book3s_hv.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c > index cde3f5a4b3e4..ce960301bfaa 100644 > --- a/arch/powerpc/kvm/book3s_hv.c > +++ b/arch/powerpc/kvm/book3s_hv.c > @@ -5336,8 +5336,12 @@ static int kvmhv_enable_nested(struct kvm *kvm) > return -ENODEV; > > /* kvm == NULL means the caller is testing if the capability exists */ > - if (kvm) > + if (kvm) { > + /* Only radix guests can act as nested hv and thus run guests */ > + if (!kvm_is_radix(kvm)) > + return -1; > kvm->arch.nested_enable = true; > + }

I don't think this is necessary, and is possibly undesirable, since a
guest can switch between HPT and radix mode. In fact if a guest in
HPT mode tries to do any of the hcalls for managing nested guests, it
will get errors, because we have this:

static inline bool nesting_enabled(struct kvm *kvm)
{
	return kvm->arch.nested_enable && kvm_is_radix(kvm);
}

and H_SET_PARTITION_TABLE, H_ENTER_NESTED, etc. all return H_FUNCTION
if nested_enabled() is false. (This is as the code is today without
your patch).

Furthermore, kvmppc_switch_mmu_to_hpt() does this:

	if (nesting_enabled(kvm))
		kvmhv_release_all_nested(kvm);

So I think it is all covered already without your patch.

Paul.
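
Review bot: the new !kvm_is_radix(kvm) branch in kvmhv_enable_nested() ends in "return -1;", which should be a named errno like the "return -ENODEV;" in the context line just above it. A bare -1 reaches the caller as -EPERM, so a refusal caused by the guest's MMU mode would be reported as a permission failure; -EINVAL or -ENODEV would describe it better. The added comment could also say that the check applies only at the moment the capability is enabled, since that is the only place the hunk tests kvm_is_radix().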
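
A stand-alone model of the point-of-use gating described in the reply above, as an added example that is not part of the thread or of the kernel source. The model_* names, the nested_guests counter and the status values are assumptions made for illustration; only the condition in model_nesting_enabled() is taken from the quoted helper.

```c
#include <stdbool.h>
#include <stdio.h>
enum { H_SUCCESS = 0, H_FUNCTION = -2 };  /* status codes used by the model */
struct model_kvm {       /* simplified stand-in for struct kvm */
    bool radix;          /* current MMU mode; the guest can change it */
    bool nested_enable;  /* set by the enable-capability path */
    int  nested_guests;  /* live nested guests (model only) */
};
struct model_result { long status; int guests; };

/* Same condition as the nesting_enabled() helper quoted in the reply. */
static bool model_nesting_enabled(const struct model_kvm *kvm)
{
    return kvm->nested_enable && kvm->radix;
}

/* Stand-in for H_ENTER_NESTED etc.: gated at the point of use. */
static long model_h_enter_nested(struct model_kvm *kvm)
{
    if (!model_nesting_enabled(kvm))
        return H_FUNCTION;
    kvm->nested_guests++;
    return H_SUCCESS;
}

/* Mode switch; moving to HPT releases nested guests first. */
static void model_set_radix(struct model_kvm *kvm, bool radix)
{
    if (!radix && model_nesting_enabled(kvm))
        kvm->nested_guests = 0;  /* models kvmhv_release_all_nested() */
    kvm->radix = radix;
}

/* Enable with no mode check, hcall, optionally flip MMU mode, hcall again. */
struct model_result model_run(bool start_radix, bool flip_mode)
{
    struct model_kvm kvm = { .radix = start_radix, .nested_enable = true };
    model_h_enter_nested(&kvm);
    if (flip_mode)
        model_set_radix(&kvm, !start_radix);
    long status = model_h_enter_nested(&kvm);
    return (struct model_result){ status, kvm.nested_guests };
}

int main(void)
{
    printf("radix->HPT after enable: status=%ld\n", model_run(true, true).status);
    return 0;
}
```

In the model, a guest that enables the capability while in HPT mode and later switches to radix can run nested guests, and one that switches from radix to HPT has its nested guests released and its hcalls refused, with no check at enable time.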