KVM: s390: add parameter for KVM_CREATE_VM

This patch introduces a new config option for user controlled kernel
virtual machines. It introduces a parameter to KVM_CREATE_VM that
allows to set bits that alter the capabilities of the newly created
virtual machine.
The parameter is passed to kvm_arch_init_vm for all architectures.
The only valid modifier bit for now is KVM_VM_S390_UCONTROL.
This requires CAP_SYS_ADMIN privileges and creates a user controlled
virtual machine on s390 architectures.

Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

3 files changed, 38 insertions, 5 deletions

diff --git a/arch/s390/kvm/Kconfig b/arch/s390/kvm/Kconfig
index a21634173a66..78eb9847008f 100644
--- a/arch/s390/kvm/Kconfig
+++ b/arch/s390/kvm/Kconfig
@@ -34,6 +34,15 @@ config KVM
 
           If unsure, say N.
 
+config KVM_S390_UCONTROL
+        bool "Userspace controlled virtual machines"
+        depends on KVM
+        ---help---
+          Allow CAP_SYS_ADMIN users to create KVM virtual machines that are
+          controlled by userspace.
+
+          If unsure, say N.
+
 # OK, it's a little counter-intuitive to do this, but it puts it neatly under
 # the virtualization menu.
 source drivers/vhost/Kconfig
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index d1c445732451..f0937552175b 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -171,11 +171,22 @@ long kvm_arch_vm_ioctl(struct file *filp,
         return r;
 }
 
-int kvm_arch_init_vm(struct kvm *kvm)
+int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 {
         int rc;
         char debug_name[16];
 
+        rc = -EINVAL;
+#ifdef CONFIG_KVM_S390_UCONTROL
+        if (type & ~KVM_VM_S390_UCONTROL)
+                goto out_err;
+        if ((type & KVM_VM_S390_UCONTROL) && (!capable(CAP_SYS_ADMIN)))
+                goto out_err;
+#else
+        if (type)
+                goto out_err;
+#endif
+
         rc = s390_enable_sie();
         if (rc)
                 goto out_err;
@@ -198,10 +209,13 @@ int kvm_arch_init_vm(struct kvm *kvm)
         debug_register_view(kvm->arch.dbf, &debug_sprintf_view);
         VM_EVENT(kvm, 3, "%s", "vm created");
 
-        kvm->arch.gmap = gmap_alloc(current->mm);
-        if (!kvm->arch.gmap)
-                goto out_nogmap;
-
+        if (type & KVM_VM_S390_UCONTROL) {
+                kvm->arch.gmap = NULL;
+        } else {
+                kvm->arch.gmap = gmap_alloc(current->mm);
+                if (!kvm->arch.gmap)
+                        goto out_nogmap;
+        }
         return 0;
 out_nogmap:
         debug_unregister(kvm->arch.dbf);
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 99b0b7597115..45b236a7c730 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -47,6 +47,16 @@ static inline int __cpu_is_stopped(struct kvm_vcpu *vcpu)
         return atomic_read(&vcpu->arch.sie_block->cpuflags) & CPUSTAT_STOP_INT;
 }
 
+static inline int kvm_is_ucontrol(struct kvm *kvm)
+{
+#ifdef CONFIG_KVM_S390_UCONTROL
+        if (kvm->arch.gmap)
+                return 0;
+        return 1;
+#else
+        return 0;
+#endif
+}
 int kvm_s390_handle_wait(struct kvm_vcpu *vcpu);
 enum hrtimer_restart kvm_s390_idle_wakeup(struct hrtimer *timer);
 void kvm_s390_tasklet(unsigned long parm);