Re: [PATCH v2] x86/hvm: Add Kconfig option to disable nested virtualization
On Mon, 9 Feb 2026, Jan Beulich wrote:
> On 06.02.2026 22:05, Stefano Stabellini wrote:
> > --- a/xen/arch/x86/hvm/Kconfig
> > +++ b/xen/arch/x86/hvm/Kconfig
> > @@ -92,4 +92,14 @@ config MEM_SHARING
> > bool "Xen memory sharing support (UNSUPPORTED)" if UNSUPPORTED
> > depends on INTEL_VMX
> >
> > +config NESTED_VIRT
> > + bool "Nested virtualization support"
> > + depends on AMD_SVM || INTEL_VMX
>
> Should be HVM? Or else have separate NESTED_SVM and NESTED_VMX?
>
> > + default n
>
> Please omit such a redundant line.
done and done
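
Review bot: NESTED_VIRT ends up off by default (with or without the explicit "default n"), while the Makefile hunk shows nested_hap.o was previously built unconditionally, so an existing configuration carried forward loses nested virtualization without any prompt. If that is the intent, say so in the commit message and changelog so that anyone relying on XEN_DOMCTL_CDF_nested_virt knows to enable the option.
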
> > --- a/xen/arch/x86/hvm/svm/nestedhvm.h
> > +++ b/xen/arch/x86/hvm/svm/nestedhvm.h
> > @@ -26,6 +26,13 @@
> > #define nsvm_efer_svm_enabled(v) \
> > (!!((v)->arch.hvm.guest_efer & EFER_SVME))
> >
> > +#define NSVM_INTR_NOTHANDLED 3
> > +#define NSVM_INTR_NOTINTERCEPTED 2
> > +#define NSVM_INTR_FORCEVMEXIT 1
> > +#define NSVM_INTR_MASKED 0
>
> It feels suspicious that all of these need moving ...
>
> > +#ifdef CONFIG_NESTED_VIRT
>
> ... ahead of this.
Not needed anymore
> > --- a/xen/arch/x86/include/asm/hvm/nestedhvm.h
> > +++ b/xen/arch/x86/include/asm/hvm/nestedhvm.h
> > @@ -25,9 +25,21 @@ enum nestedhvm_vmexits {
> > /* Nested HVM on/off per domain */
> > static inline bool nestedhvm_enabled(const struct domain *d)
> > {
> > - return IS_ENABLED(CONFIG_HVM) && (d->options &
> > XEN_DOMCTL_CDF_nested_virt);
> > + return IS_ENABLED(CONFIG_NESTED_VIRT) &&
> > + (d->options & XEN_DOMCTL_CDF_nested_virt);
> > }
> >
> > +/* Nested paging */
> > +#define NESTEDHVM_PAGEFAULT_DONE 0
> > +#define NESTEDHVM_PAGEFAULT_INJECT 1
> > +#define NESTEDHVM_PAGEFAULT_L1_ERROR 2
> > +#define NESTEDHVM_PAGEFAULT_L0_ERROR 3
> > +#define NESTEDHVM_PAGEFAULT_MMIO 4
> > +#define NESTEDHVM_PAGEFAULT_RETRY 5
> > +#define NESTEDHVM_PAGEFAULT_DIRECT_MMIO 6
> > +
> > +#ifdef CONFIG_NESTED_VIRT
>
> Same here.
The stub nestedhvm_hap_nested_page_fault() returns
NESTEDHVM_PAGEFAULT_L0_ERROR, so these defines must be available
unconditionally.
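
Review bot: nestedhvm_enabled() now returns false on a build without CONFIG_NESTED_VIRT even when d->options carries XEN_DOMCTL_CDF_nested_virt, so a domain could be created with the flag set and then silently run without nesting. Unless a part of the patch not quoted here already does this, reject the flag with an error at domain creation when the option is off, rather than only masking it in this helper.
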
> > --- a/xen/arch/x86/mm/hap/Makefile
> > +++ b/xen/arch/x86/mm/hap/Makefile
> > @@ -2,5 +2,5 @@ obj-y += hap.o
> > obj-y += guest_walk_2.o
> > obj-y += guest_walk_3.o
> > obj-y += guest_walk_4.o
> > -obj-y += nested_hap.o
> > -obj-$(CONFIG_INTEL_VMX) += nested_ept.o
> > +obj-$(CONFIG_NESTED_VIRT) += nested_hap.o
> > +obj-$(filter $(CONFIG_NESTED_VIRT),$(CONFIG_INTEL_VMX)) += nested_ept.o
>
> Maybe slightly easier to read as
>
> nested-y := nested_hap.o
> nested-$(CONFIG_INTEL_VMX) += nested_ept.o
> obj-$(CONFIG_NESTED_VIRT) += $(nested-y)
OK
> > --- a/xen/arch/x86/sysctl.c
> > +++ b/xen/arch/x86/sysctl.c
> > @@ -103,6 +103,8 @@ void arch_do_physinfo(struct xen_sysctl_physinfo *pi)
> > pi->capabilities |= XEN_SYSCTL_PHYSCAP_hap;
> > if ( IS_ENABLED(CONFIG_SHADOW_PAGING) )
> > pi->capabilities |= XEN_SYSCTL_PHYSCAP_shadow;
> > + if ( hvm_nested_virt_supported() )
> > + pi->capabilities |= XEN_SYSCTL_PHYSCAP_nestedhvm;
> > }
> >
> > long arch_do_sysctl(
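
Review bot: in arch_do_physinfo() the new capability bit depends entirely on hvm_nested_virt_supported(), whose definition is not among the quoted hunks. It needs to evaluate to false when CONFIG_NESTED_VIRT is off, for example by folding IS_ENABLED(CONFIG_NESTED_VIRT) into it, so that XEN_SYSCTL_PHYSCAP_nestedhvm is never reported by a build that compiled nested_hap.o out.
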
> > --- a/xen/include/public/sysctl.h
> > +++ b/xen/include/public/sysctl.h
> > @@ -100,9 +100,11 @@ struct xen_sysctl_tbuf_op {
> > /* Xen supports the Grant v1 and/or v2 ABIs. */
> > #define XEN_SYSCTL_PHYSCAP_gnttab_v1 (1u << 8)
> > #define XEN_SYSCTL_PHYSCAP_gnttab_v2 (1u << 9)
> > +/* The platform supports nested HVM. */
> > +#define XEN_SYSCTL_PHYSCAP_nestedhvm (1u << 10)
>
> Doesn't this want introducing up front, for the tool stack to make use of?
What do you mean by "up front" in this context? In a separate toolstack
patch?
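
Review bot: (1u << 10) becomes the highest XEN_SYSCTL_PHYSCAP_* value, but the hunk header (-100,9 +100,11) accounts only for the two added lines, so nothing else in this region is changed. If XEN_SYSCTL_PHYSCAP_MAX in this header still names XEN_SYSCTL_PHYSCAP_gnttab_v2, point it at XEN_SYSCTL_PHYSCAP_nestedhvm in the same patch so that ABI checks on the capabilities field cover the new bit.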