Re: [PATCH v13 006/113] KVM: x86: Introduce vm_type to differentiate default VMs from confidential VMs

Isaku Yamahata <isaku.yamahata@xxxxxxxxx> · Thu, 16 Mar 2023 08:34:50 -0700

On Wed, Mar 15, 2023 at 10:44:57AM +0000,
"Huang, Kai" <kai.huang@xxxxxxxxx> wrote:

> On Sun, 2023-03-12 at 10:55 -0700, isaku.yamahata@xxxxxxxxx wrote:
> >  
> > -static bool kvm_is_vm_type_supported(unsigned long type)
> > +bool __kvm_is_vm_type_supported(unsigned long type)
> >  {
> >  	return type == KVM_X86_DEFAULT_VM ||
> >  	       (type == KVM_X86_PROTECTED_VM &&
> >  	        IS_ENABLED(CONFIG_KVM_PROTECTED_VM) && tdp_enabled);
> >  }
> > +EXPORT_SYMBOL_GPL(__kvm_is_vm_type_supported);
> 
> Where is CONFIG_KVM_PROTECTED_VM introduced?

UPM patch series.

    KVM: x86: Add support for "protected VMs" that can utilize private memory

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index fa195797461e..e8f334b0ff2c 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1245,6 +1245,7 @@ enum kvm_apicv_inhibit {
 };
 
 struct kvm_arch {
+       unsigned long vm_type;
        unsigned long n_used_mmu_pages;
        unsigned long n_requested_mmu_pages;
        unsigned long n_max_mmu_pages;
@@ -2049,6 +2050,12 @@ void kvm_mmu_new_pgd(struct kvm_vcpu *vcpu, gpa_t new_pgd);
 void kvm_configure_mmu(bool enable_tdp, int tdp_forced_root_level,
                       int tdp_max_root_level, int tdp_huge_page_level);
 
+#ifdef CONFIG_KVM_PRIVATE_MEM
+#define kvm_arch_has_private_mem(kvm) ((kvm)->arch.vm_type != KVM_X86_DEFAULT_VM)
+#else
+#define kvm_arch_has_private_mem(kvm) false
+#endif
+
 static inline u16 kvm_read_ldt(void)
 {
        u16 ldt;
...
diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index 7f467fe05d42..6afbfbb32d56 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -559,4 +559,7 @@ struct kvm_pmu_event_filter {
 #define KVM_VCPU_TSC_CTRL 0 /* control group for the timestamp counter (TSC) */
 #define   KVM_VCPU_TSC_OFFSET 0 /* attribute for the TSC offset */
 
+#define KVM_X86_DEFAULT_VM     0
+#define KVM_X86_PROTECTED_VM   1
+
 #endif /* _ASM_X86_KVM_H */
...
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index ed84bb3cd82d..718010600956 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -78,6 +78,17 @@ config KVM_WERROR
 
          If in doubt, say "N".
 
+config KVM_PROTECTED_VM
+       bool "Enable support for KVM-protected VMs"
+       depends on EXPERT
+       depends on X86_64
+       select KVM_GENERIC_PRIVATE_MEM
+       help
+         Enable support KVM-protected VMs.  Currently 'protected' means the VM
+         can be backed with restricted/private memory.
+
+         If unsure, say "N".
+
 config KVM_INTEL
        tristate "KVM for Intel (and compatible) processo

-- 
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>






