On Fri, Jun 21, 2019 at 10:37:48AM +0100, Marc Zyngier wrote: > From: Christoffer Dall <christoffer.dall@xxxxxxx> > > Introduce the feature bit and a primitive that checks if the feature is > set behind a static key check based on the cpus_have_const_cap check. > > Checking nested_virt_in_use() on systems without nested virt enabled > should have neglgible overhead. > > We don't yet allow userspace to actually set this feature. > > Signed-off-by: Christoffer Dall <christoffer.dall@xxxxxxx> > Signed-off-by: Marc Zyngier <marc.zyngier@xxxxxxx> > --- > arch/arm/include/asm/kvm_nested.h | 9 +++++++++ > arch/arm64/include/asm/kvm_nested.h | 13 +++++++++++++ > arch/arm64/include/uapi/asm/kvm.h | 1 + > 3 files changed, 23 insertions(+) > create mode 100644 arch/arm/include/asm/kvm_nested.h > create mode 100644 arch/arm64/include/asm/kvm_nested.h > > diff --git a/arch/arm/include/asm/kvm_nested.h b/arch/arm/include/asm/kvm_nested.h > new file mode 100644 > index 000000000000..124ff6445f8f > --- /dev/null > +++ b/arch/arm/include/asm/kvm_nested.h > @@ -0,0 +1,9 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#ifndef __ARM_KVM_NESTED_H > +#define __ARM_KVM_NESTED_H > + > +#include <linux/kvm_host.h> > + > +static inline bool nested_virt_in_use(const struct kvm_vcpu *vcpu) { return false; } > + > +#endif /* __ARM_KVM_NESTED_H */ > diff --git a/arch/arm64/include/asm/kvm_nested.h b/arch/arm64/include/asm/kvm_nested.h > new file mode 100644 > index 000000000000..8a3d121a0b42 > --- /dev/null > +++ b/arch/arm64/include/asm/kvm_nested.h > @@ -0,0 +1,13 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#ifndef __ARM64_KVM_NESTED_H > +#define __ARM64_KVM_NESTED_H > + > +#include <linux/kvm_host.h> > + > +static inline bool nested_virt_in_use(const struct kvm_vcpu *vcpu) > +{ > + return cpus_have_const_cap(ARM64_HAS_NESTED_VIRT) && > + test_bit(KVM_ARM_VCPU_NESTED_VIRT, vcpu->arch.features); > +} > + > +#endif /* __ARM64_KVM_NESTED_H */ > diff --git a/arch/arm64/include/uapi/asm/kvm.h b/arch/arm64/include/uapi/asm/kvm.h > index d819a3e8b552..563e2a8bae93 100644 > --- a/arch/arm64/include/uapi/asm/kvm.h > +++ b/arch/arm64/include/uapi/asm/kvm.h > @@ -106,6 +106,7 @@ struct kvm_regs { > #define KVM_ARM_VCPU_SVE 4 /* enable SVE for this CPU */ > #define KVM_ARM_VCPU_PTRAUTH_ADDRESS 5 /* VCPU uses address authentication */ > #define KVM_ARM_VCPU_PTRAUTH_GENERIC 6 /* VCPU uses generic authentication */ > +#define KVM_ARM_VCPU_NESTED_VIRT 7 /* Support nested virtualization */ This seems weirdly named: Isn't the feature we're exposing here really EL2? In that case, the feature the guest gets with this flag enabled is plain virtualisation, possibly with the option to nest further. Does the guest also get nested virt (i.e., recursively nested virt from the host's PoV) as a side effect, or would require an explicit extra flag? Cheers ---Dave