Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: dadefe3b71
Branches Tags
linux-vybrid_pu...
/
Documentation
/
kvm
/
ppc-pv.txt

ppc-pv.txt 6.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196 
  1. The PPC KVM paravirtual interface
    2. 

  2. =================================
    3. 

  3. 

  4. The basic execution principle by which KVM on PowerPC works is to run all kernel
    5. 

  5. space code in PR=1 which is user space. This way we trap all privileged
    6. 

  6. instructions and can emulate them accordingly.
    7. 

  7. 

  8. Unfortunately that is also the downfall. There are quite some privileged
    9. 

  9. instructions that needlessly return us to the hypervisor even though they
    10. 

  10. could be handled differently.
    11. 

  11. 

  12. This is what the PPC PV interface helps with. It takes privileged instructions
    13. 

  13. and transforms them into unprivileged ones with some help from the hypervisor.
    14. 

  14. This cuts down virtualization costs by about 50% on some of my benchmarks.
    15. 

  15. 

  16. The code for that interface can be found in arch/powerpc/kernel/kvm*
    17. 

  17. 

  18. Querying for existence
    19. 

  19. ======================
    20. 

  20. 

  21. To find out if we're running on KVM or not, we leverage the device tree. When
    22. 

  22. Linux is running on KVM, a node /hypervisor exists. That node contains a
    23. 

  23. compatible property with the value "linux,kvm".
    24. 

  24. 

  25. Once you determined you're running under a PV capable KVM, you can now use
    26. 

  26. hypercalls as described below.
    27. 

  27. 

  28. KVM hypercalls
    29. 

  29. ==============
    30. 

  30. 

  31. Inside the device tree's /hypervisor node there's a property called
    32. 

  32. 'hypercall-instructions'. This property contains at most 4 opcodes that make
    33. 

  33. up the hypercall. To call a hypercall, just call these instructions.
    34. 

  34. 

  35. The parameters are as follows:
    36. 

  36. 

  37. 	Register	IN			OUT
    38. 

  38. 

  39. 	r0		-			volatile
    40. 

  40. 	r3		1st parameter		Return code
    41. 

  41. 	r4		2nd parameter		1st output value
    42. 

  42. 	r5		3rd parameter		2nd output value
    43. 

  43. 	r6		4th parameter		3rd output value
    44. 

  44. 	r7		5th parameter		4th output value
    45. 

  45. 	r8		6th parameter		5th output value
    46. 

  46. 	r9		7th parameter		6th output value
    47. 

  47. 	r10		8th parameter		7th output value
    48. 

  48. 	r11		hypercall number	8th output value
    49. 

  49. 	r12		-			volatile
    50. 

  50. 

  51. Hypercall definitions are shared in generic code, so the same hypercall numbers
    52. 

  52. apply for x86 and powerpc alike with the exception that each KVM hypercall
    53. 

  53. also needs to be ORed with the KVM vendor code which is (42 << 16).
    54. 

  54. 

  55. Return codes can be as follows:
    56. 

  56. 

  57. 	Code		Meaning
    58. 

  58. 

  59. 	0		Success
    60. 

  60. 	12		Hypercall not implemented
    61. 

  61. 	<0		Error
    62. 

  62. 

  63. The magic page
    64. 

  64. ==============
    65. 

  65. 

  66. To enable communication between the hypervisor and guest there is a new shared
    67. 

  67. page that contains parts of supervisor visible register state. The guest can
    68. 

  68. map this shared page using the KVM hypercall KVM_HC_PPC_MAP_MAGIC_PAGE.
    69. 

  69. 

  70. With this hypercall issued the guest always gets the magic page mapped at the
    71. 

  71. desired location in effective and physical address space. For now, we always
    72. 

  72. map the page to -4096. This way we can access it using absolute load and store
    73. 

  73. functions. The following instruction reads the first field of the magic page:
    74. 

  74. 

  75. 	ld	rX, -4096(0)
    76. 

  76. 

  77. The interface is designed to be extensible should there be need later to add
    78. 

  78. additional registers to the magic page. If you add fields to the magic page,
    79. 

  79. also define a new hypercall feature to indicate that the host can give you more
    80. 

  80. registers. Only if the host supports the additional features, make use of them.
    81. 

  81. 

  82. The magic page has the following layout as described in
    83. 

  83. arch/powerpc/include/asm/kvm_para.h:
    84. 

  84. 

  85. struct kvm_vcpu_arch_shared {
    86. 

  86. 	__u64 scratch1;
    87. 

  87. 	__u64 scratch2;
    88. 

  88. 	__u64 scratch3;
    89. 

  89. 	__u64 critical;		/* Guest may not get interrupts if == r1 */
    90. 

  90. 	__u64 sprg0;
    91. 

  91. 	__u64 sprg1;
    92. 

  92. 	__u64 sprg2;
    93. 

  93. 	__u64 sprg3;
    94. 

  94. 	__u64 srr0;
    95. 

  95. 	__u64 srr1;
    96. 

  96. 	__u64 dar;
    97. 

  97. 	__u64 msr;
    98. 

  98. 	__u32 dsisr;
    99. 

  99. 	__u32 int_pending;	/* Tells the guest if we have an interrupt */
    100. 

  100. };
    101. 

  101. 

  102. Additions to the page must only occur at the end. Struct fields are always 32
    103. 

  103. or 64 bit aligned, depending on them being 32 or 64 bit wide respectively.
    104. 

  104. 

  105. Magic page features
    106. 

  106. ===================
    107. 

  107. 

  108. When mapping the magic page using the KVM hypercall KVM_HC_PPC_MAP_MAGIC_PAGE,
    109. 

  109. a second return value is passed to the guest. This second return value contains
    110. 

  110. a bitmap of available features inside the magic page.
    111. 

  111. 

  112. The following enhancements to the magic page are currently available:
    113. 

  113. 

  114.   KVM_MAGIC_FEAT_SR		Maps SR registers r/w in the magic page
    115. 

  115. 

  116. For enhanced features in the magic page, please check for the existence of the
    117. 

  117. feature before using them!
    118. 

  118. 

  119. MSR bits
    120. 

  120. ========
    121. 

  121. 

  122. The MSR contains bits that require hypervisor intervention and bits that do
    123. 

  123. not require direct hypervisor intervention because they only get interpreted
    124. 

  124. when entering the guest or don't have any impact on the hypervisor's behavior.
    125. 

  125. 

  126. The following bits are safe to be set inside the guest:
    127. 

  127. 

  128.   MSR_EE
    129. 

  129.   MSR_RI
    130. 

  130.   MSR_CR
    131. 

  131.   MSR_ME
    132. 

  132. 

  133. If any other bit changes in the MSR, please still use mtmsr(d).
    134. 

  134. 

  135. Patched instructions
    136. 

  136. ====================
    137. 

  137. 

  138. The "ld" and "std" instructions are transormed to "lwz" and "stw" instructions
    139. 

  139. respectively on 32 bit systems with an added offset of 4 to accommodate for big
    140. 

  140. endianness.
    141. 

  141. 

  142. The following is a list of mapping the Linux kernel performs when running as
    143. 

  143. guest. Implementing any of those mappings is optional, as the instruction traps
    144. 

  144. also act on the shared page. So calling privileged instructions still works as
    145. 

  145. before.
    146. 

  146. 

  147. From			To
    148. 

  148. ====			==
    149. 

  149. 

  150. mfmsr	rX		ld	rX, magic_page->msr
    151. 

  151. mfsprg	rX, 0		ld	rX, magic_page->sprg0
    152. 

  152. mfsprg	rX, 1		ld	rX, magic_page->sprg1
    153. 

  153. mfsprg	rX, 2		ld	rX, magic_page->sprg2
    154. 

  154. mfsprg	rX, 3		ld	rX, magic_page->sprg3
    155. 

  155. mfsrr0	rX		ld	rX, magic_page->srr0
    156. 

  156. mfsrr1	rX		ld	rX, magic_page->srr1
    157. 

  157. mfdar	rX		ld	rX, magic_page->dar
    158. 

  158. mfdsisr	rX		lwz	rX, magic_page->dsisr
    159. 

  159. 

  160. mtmsr	rX		std	rX, magic_page->msr
    161. 

  161. mtsprg	0, rX		std	rX, magic_page->sprg0
    162. 

  162. mtsprg	1, rX		std	rX, magic_page->sprg1
    163. 

  163. mtsprg	2, rX		std	rX, magic_page->sprg2
    164. 

  164. mtsprg	3, rX		std	rX, magic_page->sprg3
    165. 

  165. mtsrr0	rX		std	rX, magic_page->srr0
    166. 

  166. mtsrr1	rX		std	rX, magic_page->srr1
    167. 

  167. mtdar	rX		std	rX, magic_page->dar
    168. 

  168. mtdsisr	rX		stw	rX, magic_page->dsisr
    169. 

  169. 

  170. tlbsync			nop
    171. 

  171. 

  172. mtmsrd	rX, 0		b	<special mtmsr section>
    173. 

  173. mtmsr	rX		b	<special mtmsr section>
    174. 

  174. 

  175. mtmsrd	rX, 1		b	<special mtmsrd section>
    176. 

  176. 

  177. [Book3S only]
    178. 

  178. mtsrin	rX, rY		b	<special mtsrin section>
    179. 

  179. 

  180. [BookE only]
    181. 

  181. wrteei	[0|1]		b	<special wrteei section>
    182. 

  182. 

  183. 

  184. Some instructions require more logic to determine what's going on than a load
    185. 

  185. or store instruction can deliver. To enable patching of those, we keep some
    186. 

  186. RAM around where we can live translate instructions to. What happens is the
    187. 

  187. following:
    188. 

  188. 

  189. 	1) copy emulation code to memory
    190. 

  190. 	2) patch that code to fit the emulated instruction
    191. 

  191. 	3) patch that code to return to the original pc + 4
    192. 

  192. 	4) patch the original instruction to branch to the new code
    193. 

  193. 

  194. That way we can inject an arbitrary amount of code as replacement for a single
    195. 

  195. instruction. This allows us to check for pending interrupts when setting EE=1
    196. 

  196. for example.
    197.