Re: [PATCH v3 06/23] kvm: arm64: Add kvm-arm.protected early kernel parameter
From: David Brazdil
Date: Tue Dec 01 2020 - 08:19:59 EST
Hey Sudeep,
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 526d65d8573a..06c89975c29c 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -2259,6 +2259,11 @@
> > for all guests.
> > Default is 1 (enabled) if in 64-bit or 32-bit PAE mode.
> >
> > + kvm-arm.protected=
> > + [KVM,ARM] Allow spawning protected guests whose state
> > + is kept private from the host. Only valid for non-VHE.
> > + Default is 0 (disabled).
> > +
>
> Sorry for being pedantic. Can we reword this to say valid for
> !CONFIG_ARM64_VHE ? I read this as valid only for non-VHE hardware, it may
> be just me, but if you agree please update so that it doesn't give remote
> idea that it is not valid on VHE enabled hardware.
>
> I was trying to run this on the hardware and was trying to understand the
> details on how to do that.
I see what you're saying, but !CONFIG_ARM64_VHE isn't accurate either. The
option makes sense if:
1) all cores booted in EL2
== is_hyp_mode_available()
2) ID_AA64MMFR1_EL1.VH=0 or !CONFIG_ARM64_VHE
== !is_kernel_in_hyp_mode()
The former feels implied for KVM, the latter could be 'Valid if the kernel
is running in EL1'? WDYT?
-David