[PATCH 1/4] KVM: arm64: Ignore 'kvm-arm.mode=protected' when using VHE

Thu, 03 Jun 2021 11:34:07 -0700 

Ignore 'kvm-arm.mode=protected' when using VHE so that kvm_get_mode()
only returns KVM_MODE_PROTECTED on systems where the feature is available.

Cc: David Brazdil <dbraz...@google.com>
Signed-off-by: Will Deacon <w...@kernel.org>
---
 Documentation/admin-guide/kernel-parameters.txt |  1 -
 arch/arm64/kernel/cpufeature.c                  | 10 +---------
 arch/arm64/kvm/arm.c                            |  6 +++++-
 3 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt 
b/Documentation/admin-guide/kernel-parameters.txt
index cb89dbdedc46..e85dbdf1ee8e 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2300,7 +2300,6 @@
 
                        protected: nVHE-based mode with support for guests whose
                                   state is kept private from the host.
-                                  Not valid if the kernel is running in EL2.
 
                        Defaults to VHE/nVHE based on hardware support.
 
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index efed2830d141..dc1f2e747828 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1773,15 +1773,7 @@ static void cpu_enable_mte(struct arm64_cpu_capabilities 
const *cap)
 #ifdef CONFIG_KVM
 static bool is_kvm_protected_mode(const struct arm64_cpu_capabilities *entry, 
int __unused)
 {
-       if (kvm_get_mode() != KVM_MODE_PROTECTED)
-               return false;
-
-       if (is_kernel_in_hyp_mode()) {
-               pr_warn("Protected KVM not available with VHE\n");
-               return false;
-       }
-
-       return true;
+       return kvm_get_mode() == KVM_MODE_PROTECTED;
 }
 #endif /* CONFIG_KVM */
 
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index 1cb39c0803a4..8d5e23198dfd 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -2121,7 +2121,11 @@ static int __init early_kvm_mode_cfg(char *arg)
                return -EINVAL;
 
        if (strcmp(arg, "protected") == 0) {
-               kvm_mode = KVM_MODE_PROTECTED;
+               if (!is_kernel_in_hyp_mode())
+                       kvm_mode = KVM_MODE_PROTECTED;
+               else
+                       pr_warn_once("Protected KVM not available with VHE\n");
+
                return 0;
        }
 
-- 
2.32.0.rc0.204.g9fa02ecfa5-goog

_______________________________________________
kvmarm mailing list
kvmarm@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/kvmarm

Reply via email to