Re: [RFC 21/55] KVM: arm64: Forward HVC instruction to the guest hypervisor
From: Will Deacon
Date: Mon Jul 03 2017 - 08:04:10 EST
On Mon, Jul 03, 2017 at 11:51:26AM +0200, Christoffer Dall wrote:
> On Mon, Jul 03, 2017 at 11:31:56AM +0200, Andrew Jones wrote:
> > On Mon, Jul 03, 2017 at 11:08:50AM +0200, Christoffer Dall wrote:
> > > On Mon, Jun 26, 2017 at 11:21:25AM -0400, Jintack Lim wrote:
> > > > On Wed, Feb 22, 2017 at 6:47 AM, Christoffer Dall <cdall@xxxxxxxxxx> wrote:
> > > > > On Mon, Jan 09, 2017 at 01:24:17AM -0500, Jintack Lim wrote:
> > > > >> +/* We forward all hvc instruction to the guest hypervisor. */
> > > > >> +int handle_hvc_nested(struct kvm_vcpu *vcpu)
> > > > >> +{
> > > > >> + return kvm_inject_nested_sync(vcpu, kvm_vcpu_get_hsr(vcpu));
> > > > >> +}
> > > > >
> > > > > I don't understand the logic here or in the caller above. Do we really
> > > > > forward *all" hvc calls to the guest hypervisor now, so that we no
> > > > > longer support any hypercalls from the VM? That seems a little rough
> > > > > and probably requires some more discussions.
> > > >
> > > > So I think if we run a VM with the EL2 support, then all hvc calls
> > > > from the VM should be forwarded to the virtual EL2.
> > >
> > > But do we actually check if the guest has EL2 here? It seems you cann
> > > handle_hvc_nested unconditionally when you have
> > > OCNFIG_KVM_ARM_NESTED_HYP. I think that's what threw me off when first
> > > reading your patch.
> > >
> > > >
> > > > I may miss something obvious, so can you (or anyone) come up with some
> > > > cases that the host hypervisor needs to directly handle hvc from the
> > > > VM with the EL2 support?
> > > >
> > >
> > > So I'm a little unsure what to say here. On one hand you are absolutely
> > > correct, that architecturally if we emulated virtual EL2, then all
> > > hypercalls are handled by the virtual EL2 (even hypercalls from virtual
> > > EL2 which should become self-hypercalls).
> > >
> > > On the other hand, an enlightened guest may want to use hypercalls to
> > > the hypervisor for some reason, but that would require some numbering
> > > scheme to separate the two concepts.
> >
> > Yes, I've been thinking that a KVM generic vcpu needs to be enlightened,
> > and to use a hypercall to get the host cpu's errata. If we head down that
> > road, then even a vcpu emulating EL2 would need to be able to this.
> >
>
> We could use SMC calls here a well, as the "conduit" as I believe the
> ARM folks are calling it. We just need to agree somewhere (across
> hypervisors preferably), that when you have virtual EL2, everything is
> via SMC (even upcalls to a host hypervisor), and otherwise it's via HVC.
Does that mean you require the CPU to implement EL3 if you want to use
nested virtualisation?
Will