From: Will Deacon <will@kernel.org>
To: Mark Rutland <mark.rutland@arm.com>
Cc: kvmarm@lists.cs.columbia.edu, Marc Zyngier <maz@kernel.org>,
James Morse <james.morse@arm.com>,
Alexandru Elisei <alexandru.elisei@arm.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Christoffer Dall <christoffer.dall@arm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Fuad Tabba <tabba@google.com>,
Quentin Perret <qperret@google.com>,
Sean Christopherson <seanjc@google.com>,
David Brazdil <dbrazdil@google.com>,
kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/4] KVM: arm64: Ignore 'kvm-arm.mode=protected' when using VHE
Date: Mon, 7 Jun 2021 20:28:18 +0100 [thread overview]
Message-ID: <20210607192818.GA7929@willie-the-truck> (raw)
In-Reply-To: <20210604140117.GA69333@C02TD0UTHF1T.local>
On Fri, Jun 04, 2021 at 03:01:17PM +0100, Mark Rutland wrote:
> On Thu, Jun 03, 2021 at 07:33:44PM +0100, Will Deacon wrote:
> > Ignore 'kvm-arm.mode=protected' when using VHE so that kvm_get_mode()
> > only returns KVM_MODE_PROTECTED on systems where the feature is available.
>
> IIUC, since the introduction of the idreg-override code, and the
> mutate_to_vhe stuff, passing 'kvm-arm.mode=protected' should make the
> kernel stick to EL1, right? So this should only affect M1 (or other HW
> with a similar impediment).
It's not just about the M1, unfortunately. You can boot with:
"kvm-arm.mode=protected id_aa64mmfr1.vh=1"
which will force VHE mode, so we should fail protected mode in that case.
> One minor comment below; otherwise:
>
> Acked-by: Mark Rutland <mark.rutland@arm.com>
Thanks, I'll keep the tag but please yell if you want me to drop it.
> > diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
> > index efed2830d141..dc1f2e747828 100644
> > --- a/arch/arm64/kernel/cpufeature.c
> > +++ b/arch/arm64/kernel/cpufeature.c
> > @@ -1773,15 +1773,7 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap)
> > #ifdef CONFIG_KVM
> > static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities *entry, int __unused)
> > {
> > - if (kvm_get_mode() != KVM_MODE_PROTECTED)
> > - return false;
> > -
> > - if (is_kernel_in_hyp_mode()) {
> > - pr_warn("Protected KVM not available with VHE\n");
> > - return false;
> > - }
> > -
> > - return true;
> > + return kvm_get_mode() == KVM_MODE_PROTECTED;
> > }
> > #endif /* CONFIG_KVM */
> >
> > diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
> > index 1cb39c0803a4..8d5e23198dfd 100644
> > --- a/arch/arm64/kvm/arm.c
> > +++ b/arch/arm64/kvm/arm.c
> > @@ -2121,7 +2121,11 @@ static int __init early_kvm_mode_cfg(char *arg)
> > return -EINVAL;
> >
> > if (strcmp(arg, "protected") == 0) {
> > - kvm_mode = KVM_MODE_PROTECTED;
> > + if (!is_kernel_in_hyp_mode())
> > + kvm_mode = KVM_MODE_PROTECTED;
> > + else
> > + pr_warn_once("Protected KVM not available with VHE\n");
>
> ... assuming this is only for M1, it might be better to say:
>
> Protected KVM not available on this hardware
>
> ... since that doesn't suggest that other VHE-capable HW is also not
> PKVM-capable.
I'm just moving the existing string here, but as above, it's not M1
specific.
Will
next prev parent reply other threads:[~2021-06-07 19:28 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-03 18:33 [PATCH 0/4] kvm/arm64: Initial pKVM user ABI Will Deacon
2021-06-03 18:33 ` [PATCH 1/4] KVM: arm64: Ignore 'kvm-arm.mode=protected' when using VHE Will Deacon
2021-06-04 14:01 ` Mark Rutland
2021-06-07 19:28 ` Will Deacon [this message]
2021-06-03 18:33 ` [PATCH 2/4] KVM: arm64: Extend comment in has_vhe() Will Deacon
2021-06-04 14:09 ` Mark Rutland
2021-06-03 18:33 ` [PATCH 3/4] KVM: arm64: Parse reserved-memory node for pkvm guest firmware region Will Deacon
2021-06-04 14:21 ` Mark Rutland
2021-06-08 12:03 ` Will Deacon
2021-06-03 18:33 ` [RFC PATCH 4/4] KVM: arm64: Introduce KVM_CAP_ARM_PROTECTED_VM Will Deacon
2021-06-03 20:15 ` Sean Christopherson
2021-06-08 12:08 ` Will Deacon
2021-06-11 13:25 ` Alexandru Elisei
2021-06-04 14:41 ` Mark Rutland
2021-06-08 12:06 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210607192818.GA7929@willie-the-truck \
--to=will@kernel.org \
--cc=alexandru.elisei@arm.com \
--cc=christoffer.dall@arm.com \
--cc=dbrazdil@google.com \
--cc=james.morse@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.cs.columbia.edu \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=pbonzini@redhat.com \
--cc=qperret@google.com \
--cc=seanjc@google.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).