xref: /openbmc/linux/Documentation/virt/kvm/devices/vm.rst (revision 7a836736b6537b0e2633381d743d9c1559ce243c)
1.. SPDX-License-Identifier: GPL-2.0
2
3====================
4Generic vm interface
5====================
6
7The virtual machine "device" also accepts the ioctls KVM_SET_DEVICE_ATTR,
8KVM_GET_DEVICE_ATTR, and KVM_HAS_DEVICE_ATTR. The interface uses the same
9struct kvm_device_attr as other devices, but targets VM-wide settings
10and controls.
11
12The groups and attributes per virtual machine, if any, are architecture
13specific.
14
151. GROUP: KVM_S390_VM_MEM_CTRL
16==============================
17
18:Architectures: s390
19
201.1. ATTRIBUTE: KVM_S390_VM_MEM_ENABLE_CMMA
21-------------------------------------------
22
23:Parameters: none
24:Returns: -EBUSY if a vcpu is already defined, otherwise 0
25
26Enables Collaborative Memory Management Assist (CMMA) for the virtual machine.
27
281.2. ATTRIBUTE: KVM_S390_VM_MEM_CLR_CMMA
29----------------------------------------
30
31:Parameters: none
32:Returns: -EINVAL if CMMA was not enabled;
33	  0 otherwise
34
35Clear the CMMA status for all guest pages, so any pages the guest marked
36as unused are again used any may not be reclaimed by the host.
37
381.3. ATTRIBUTE KVM_S390_VM_MEM_LIMIT_SIZE
39-----------------------------------------
40
41:Parameters: in attr->addr the address for the new limit of guest memory
42:Returns: -EFAULT if the given address is not accessible;
43	  -EINVAL if the virtual machine is of type UCONTROL;
44	  -E2BIG if the given guest memory is to big for that machine;
45	  -EBUSY if a vcpu is already defined;
46	  -ENOMEM if not enough memory is available for a new shadow guest mapping;
47	  0 otherwise.
48
49Allows userspace to query the actual limit and set a new limit for
50the maximum guest memory size. The limit will be rounded up to
512048 MB, 4096 GB, 8192 TB respectively, as this limit is governed by
52the number of page table levels. In the case that there is no limit we will set
53the limit to KVM_S390_NO_MEM_LIMIT (U64_MAX).
54
552. GROUP: KVM_S390_VM_CPU_MODEL
56===============================
57
58:Architectures: s390
59
602.1. ATTRIBUTE: KVM_S390_VM_CPU_MACHINE (r/o)
61---------------------------------------------
62
63Allows user space to retrieve machine and kvm specific cpu related information::
64
65  struct kvm_s390_vm_cpu_machine {
66       __u64 cpuid;           # CPUID of host
67       __u32 ibc;             # IBC level range offered by host
68       __u8  pad[4];
69       __u64 fac_mask[256];   # set of cpu facilities enabled by KVM
70       __u64 fac_list[256];   # set of cpu facilities offered by host
71  }
72
73:Parameters: address of buffer to store the machine related cpu data
74	     of type struct kvm_s390_vm_cpu_machine*
75:Returns:   -EFAULT if the given address is not accessible from kernel space;
76	    -ENOMEM if not enough memory is available to process the ioctl;
77	    0 in case of success.
78
792.2. ATTRIBUTE: KVM_S390_VM_CPU_PROCESSOR (r/w)
80===============================================
81
82Allows user space to retrieve or request to change cpu related information for a vcpu::
83
84  struct kvm_s390_vm_cpu_processor {
85       __u64 cpuid;           # CPUID currently (to be) used by this vcpu
86       __u16 ibc;             # IBC level currently (to be) used by this vcpu
87       __u8  pad[6];
88       __u64 fac_list[256];   # set of cpu facilities currently (to be) used
89			      # by this vcpu
90  }
91
92KVM does not enforce or limit the cpu model data in any form. Take the information
93retrieved by means of KVM_S390_VM_CPU_MACHINE as hint for reasonable configuration
94setups. Instruction interceptions triggered by additionally set facility bits that
95are not handled by KVM need to by implemented in the VM driver code.
96
97:Parameters: address of buffer to store/set the processor related cpu
98	     data of type struct kvm_s390_vm_cpu_processor*.
99:Returns:  -EBUSY in case 1 or more vcpus are already activated (only in write case);
100	   -EFAULT if the given address is not accessible from kernel space;
101	   -ENOMEM if not enough memory is available to process the ioctl;
102	   0 in case of success.
103
104.. _KVM_S390_VM_CPU_MACHINE_FEAT:
105
1062.3. ATTRIBUTE: KVM_S390_VM_CPU_MACHINE_FEAT (r/o)
107--------------------------------------------------
108
109Allows user space to retrieve available cpu features. A feature is available if
110provided by the hardware and supported by kvm. In theory, cpu features could
111even be completely emulated by kvm.
112
113::
114
115  struct kvm_s390_vm_cpu_feat {
116	__u64 feat[16]; # Bitmap (1 = feature available), MSB 0 bit numbering
117  };
118
119:Parameters: address of a buffer to load the feature list from.
120:Returns:  -EFAULT if the given address is not accessible from kernel space;
121	   0 in case of success.
122
1232.4. ATTRIBUTE: KVM_S390_VM_CPU_PROCESSOR_FEAT (r/w)
124----------------------------------------------------
125
126Allows user space to retrieve or change enabled cpu features for all VCPUs of a
127VM. Features that are not available cannot be enabled.
128
129See :ref:`KVM_S390_VM_CPU_MACHINE_FEAT` for
130a description of the parameter struct.
131
132:Parameters: address of a buffer to store/load the feature list from.
133:Returns:   -EFAULT if the given address is not accessible from kernel space;
134	    -EINVAL if a cpu feature that is not available is to be enabled;
135	    -EBUSY if at least one VCPU has already been defined;
136	    0 in case of success.
137
138.. _KVM_S390_VM_CPU_MACHINE_SUBFUNC:
139
1402.5. ATTRIBUTE: KVM_S390_VM_CPU_MACHINE_SUBFUNC (r/o)
141-----------------------------------------------------
142
143Allows user space to retrieve available cpu subfunctions without any filtering
144done by a set IBC. These subfunctions are indicated to the guest VCPU via
145query or "test bit" subfunctions and used e.g. by cpacf functions, plo and ptff.
146
147A subfunction block is only valid if KVM_S390_VM_CPU_MACHINE contains the
148STFL(E) bit introducing the affected instruction. If the affected instruction
149indicates subfunctions via a "query subfunction", the response block is
150contained in the returned struct. If the affected instruction
151indicates subfunctions via a "test bit" mechanism, the subfunction codes are
152contained in the returned struct in MSB 0 bit numbering.
153
154::
155
156  struct kvm_s390_vm_cpu_subfunc {
157       u8 plo[32];           # always valid (ESA/390 feature)
158       u8 ptff[16];          # valid with TOD-clock steering
159       u8 kmac[16];          # valid with Message-Security-Assist
160       u8 kmc[16];           # valid with Message-Security-Assist
161       u8 km[16];            # valid with Message-Security-Assist
162       u8 kimd[16];          # valid with Message-Security-Assist
163       u8 klmd[16];          # valid with Message-Security-Assist
164       u8 pckmo[16];         # valid with Message-Security-Assist-Extension 3
165       u8 kmctr[16];         # valid with Message-Security-Assist-Extension 4
166       u8 kmf[16];           # valid with Message-Security-Assist-Extension 4
167       u8 kmo[16];           # valid with Message-Security-Assist-Extension 4
168       u8 pcc[16];           # valid with Message-Security-Assist-Extension 4
169       u8 ppno[16];          # valid with Message-Security-Assist-Extension 5
170       u8 kma[16];           # valid with Message-Security-Assist-Extension 8
171       u8 kdsa[16];          # valid with Message-Security-Assist-Extension 9
172       u8 reserved[1792];    # reserved for future instructions
173  };
174
175:Parameters: address of a buffer to load the subfunction blocks from.
176:Returns:   -EFAULT if the given address is not accessible from kernel space;
177	    0 in case of success.
178
1792.6. ATTRIBUTE: KVM_S390_VM_CPU_PROCESSOR_SUBFUNC (r/w)
180-------------------------------------------------------
181
182Allows user space to retrieve or change cpu subfunctions to be indicated for
183all VCPUs of a VM. This attribute will only be available if kernel and
184hardware support are in place.
185
186The kernel uses the configured subfunction blocks for indication to
187the guest. A subfunction block will only be used if the associated STFL(E) bit
188has not been disabled by user space (so the instruction to be queried is
189actually available for the guest).
190
191As long as no data has been written, a read will fail. The IBC will be used
192to determine available subfunctions in this case, this will guarantee backward
193compatibility.
194
195See :ref:`KVM_S390_VM_CPU_MACHINE_SUBFUNC` for a
196description of the parameter struct.
197
198:Parameters: address of a buffer to store/load the subfunction blocks from.
199:Returns:   -EFAULT if the given address is not accessible from kernel space;
200	    -EINVAL when reading, if there was no write yet;
201	    -EBUSY if at least one VCPU has already been defined;
202	    0 in case of success.
203
2043. GROUP: KVM_S390_VM_TOD
205=========================
206
207:Architectures: s390
208
2093.1. ATTRIBUTE: KVM_S390_VM_TOD_HIGH
210------------------------------------
211
212Allows user space to set/get the TOD clock extension (u8) (superseded by
213KVM_S390_VM_TOD_EXT).
214
215:Parameters: address of a buffer in user space to store the data (u8) to
216:Returns:   -EFAULT if the given address is not accessible from kernel space;
217	    -EINVAL if setting the TOD clock extension to != 0 is not supported
218	    -EOPNOTSUPP for a PV guest (TOD managed by the ultravisor)
219
2203.2. ATTRIBUTE: KVM_S390_VM_TOD_LOW
221-----------------------------------
222
223Allows user space to set/get bits 0-63 of the TOD clock register as defined in
224the POP (u64).
225
226:Parameters: address of a buffer in user space to store the data (u64) to
227:Returns:    -EFAULT if the given address is not accessible from kernel space
228	     -EOPNOTSUPP for a PV guest (TOD managed by the ultravisor)
229
2303.3. ATTRIBUTE: KVM_S390_VM_TOD_EXT
231-----------------------------------
232
233Allows user space to set/get bits 0-63 of the TOD clock register as defined in
234the POP (u64). If the guest CPU model supports the TOD clock extension (u8), it
235also allows user space to get/set it. If the guest CPU model does not support
236it, it is stored as 0 and not allowed to be set to a value != 0.
237
238:Parameters: address of a buffer in user space to store the data
239	     (kvm_s390_vm_tod_clock) to
240:Returns:   -EFAULT if the given address is not accessible from kernel space;
241	    -EINVAL if setting the TOD clock extension to != 0 is not supported
242	    -EOPNOTSUPP for a PV guest (TOD managed by the ultravisor)
243
2444. GROUP: KVM_S390_VM_CRYPTO
245============================
246
247:Architectures: s390
248
2494.1. ATTRIBUTE: KVM_S390_VM_CRYPTO_ENABLE_AES_KW (w/o)
250------------------------------------------------------
251
252Allows user space to enable aes key wrapping, including generating a new
253wrapping key.
254
255:Parameters: none
256:Returns:    0
257
2584.2. ATTRIBUTE: KVM_S390_VM_CRYPTO_ENABLE_DEA_KW (w/o)
259------------------------------------------------------
260
261Allows user space to enable dea key wrapping, including generating a new
262wrapping key.
263
264:Parameters: none
265:Returns:    0
266
2674.3. ATTRIBUTE: KVM_S390_VM_CRYPTO_DISABLE_AES_KW (w/o)
268-------------------------------------------------------
269
270Allows user space to disable aes key wrapping, clearing the wrapping key.
271
272:Parameters: none
273:Returns:    0
274
2754.4. ATTRIBUTE: KVM_S390_VM_CRYPTO_DISABLE_DEA_KW (w/o)
276-------------------------------------------------------
277
278Allows user space to disable dea key wrapping, clearing the wrapping key.
279
280:Parameters: none
281:Returns:    0
282
2835. GROUP: KVM_S390_VM_MIGRATION
284===============================
285
286:Architectures: s390
287
2885.1. ATTRIBUTE: KVM_S390_VM_MIGRATION_STOP (w/o)
289------------------------------------------------
290
291Allows userspace to stop migration mode, needed for PGSTE migration.
292Setting this attribute when migration mode is not active will have no
293effects.
294
295:Parameters: none
296:Returns:    0
297
2985.2. ATTRIBUTE: KVM_S390_VM_MIGRATION_START (w/o)
299-------------------------------------------------
300
301Allows userspace to start migration mode, needed for PGSTE migration.
302Setting this attribute when migration mode is already active will have
303no effects.
304
305Dirty tracking must be enabled on all memslots, else -EINVAL is returned. When
306dirty tracking is disabled on any memslot, migration mode is automatically
307stopped.
308
309:Parameters: none
310:Returns:   -ENOMEM if there is not enough free memory to start migration mode;
311	    -EINVAL if the state of the VM is invalid (e.g. no memory defined);
312	    0 in case of success.
313
3145.3. ATTRIBUTE: KVM_S390_VM_MIGRATION_STATUS (r/o)
315--------------------------------------------------
316
317Allows userspace to query the status of migration mode.
318
319:Parameters: address of a buffer in user space to store the data (u64) to;
320	     the data itself is either 0 if migration mode is disabled or 1
321	     if it is enabled
322:Returns:   -EFAULT if the given address is not accessible from kernel space;
323	    0 in case of success.
324
3256. GROUP: KVM_ARM_VM_SMCCC_CTRL
326===============================
327
328:Architectures: arm64
329
3306.1. ATTRIBUTE: KVM_ARM_VM_SMCCC_FILTER (w/o)
331---------------------------------------------
332
333:Parameters: Pointer to a ``struct kvm_smccc_filter``
334
335:Returns:
336
337        ======  ===========================================
338        EEXIST  Range intersects with a previously inserted
339                or reserved range
340        EBUSY   A vCPU in the VM has already run
341        EINVAL  Invalid filter configuration
342        ENOMEM  Failed to allocate memory for the in-kernel
343                representation of the SMCCC filter
344        ======  ===========================================
345
346Requests the installation of an SMCCC call filter described as follows::
347
348    enum kvm_smccc_filter_action {
349            KVM_SMCCC_FILTER_HANDLE = 0,
350            KVM_SMCCC_FILTER_DENY,
351            KVM_SMCCC_FILTER_FWD_TO_USER,
352    };
353
354    struct kvm_smccc_filter {
355            __u32 base;
356            __u32 nr_functions;
357            __u8 action;
358            __u8 pad[15];
359    };
360
361The filter is defined as a set of non-overlapping ranges. Each
362range defines an action to be applied to SMCCC calls within the range.
363Userspace can insert multiple ranges into the filter by using
364successive calls to this attribute.
365
366The default configuration of KVM is such that all implemented SMCCC
367calls are allowed. Thus, the SMCCC filter can be defined sparsely
368by userspace, only describing ranges that modify the default behavior.
369
370The range expressed by ``struct kvm_smccc_filter`` is
371[``base``, ``base + nr_functions``). The range is not allowed to wrap,
372i.e. userspace cannot rely on ``base + nr_functions`` overflowing.
373
374The SMCCC filter applies to both SMC and HVC calls initiated by the
375guest. The SMCCC filter gates the in-kernel emulation of SMCCC calls
376and as such takes effect before other interfaces that interact with
377SMCCC calls (e.g. hypercall bitmap registers).
378
379Actions:
380
381 - ``KVM_SMCCC_FILTER_HANDLE``: Allows the guest SMCCC call to be
382   handled in-kernel. It is strongly recommended that userspace *not*
383   explicitly describe the allowed SMCCC call ranges.
384
385 - ``KVM_SMCCC_FILTER_DENY``: Rejects the guest SMCCC call in-kernel
386   and returns to the guest.
387
388 - ``KVM_SMCCC_FILTER_FWD_TO_USER``: The guest SMCCC call is forwarded
389   to userspace with an exit reason of ``KVM_EXIT_HYPERCALL``.
390
391The ``pad`` field is reserved for future use and must be zero. KVM may
392return ``-EINVAL`` if the field is nonzero.
393
394KVM reserves the 'Arm Architecture Calls' range of function IDs and
395will reject attempts to define a filter for any portion of these ranges:
396
397        =========== ===============
398        Start       End (inclusive)
399        =========== ===============
400        0x8000_0000 0x8000_FFFF
401        0xC000_0000 0xC000_FFFF
402        =========== ===============
403