[PATCH v3 06/23] kvm: arm64: Add kvm-arm.protected early kernel parameter

2020-11-26 Thread David Brazdil
Add an early parameter that allows users to opt into protected KVM mode when using the nVHE hypervisor. In this mode, guest state will be kept private from the host. This will primarily involve enabling stage-2 address translation for the host, restricting DMA to host memory, and filtering host SMC

Re: [PATCH v3 06/23] kvm: arm64: Add kvm-arm.protected early kernel parameter

2020-11-27 Thread Sudeep Holla
On Thu, Nov 26, 2020 at 03:54:04PM +, David Brazdil wrote: > Add an early parameter that allows users to opt into protected KVM mode > when using the nVHE hypervisor. In this mode, guest state will be kept > private from the host. This will primarily involve enabling stage-2 > address translati

Re: [PATCH v3 06/23] kvm: arm64: Add kvm-arm.protected early kernel parameter

2020-12-01 Thread Mark Rutland
On Tue, Dec 01, 2020 at 01:19:13PM +, David Brazdil wrote: > Hey Sudeep, > > > > diff --git a/Documentation/admin-guide/kernel-parameters.txt > > > b/Documentation/admin-guide/kernel-parameters.txt > > > index 526d65d8573a..06c89975c29c 100644 > > > --- a/Documentation/admin-guide/kernel-para

Re: [PATCH v3 06/23] kvm: arm64: Add kvm-arm.protected early kernel parameter

2020-12-01 Thread Mark Rutland
On Tue, Dec 01, 2020 at 02:43:49PM +, David Brazdil wrote: > > > > be just me, but if you agree please update so that it doesn't give > > > > remote > > > > idea that it is not valid on VHE enabled hardware. > > > > > > > > I was trying to run this on the hardware and was trying to understand

Re: [PATCH v3 06/23] kvm: arm64: Add kvm-arm.protected early kernel parameter

2020-12-01 Thread David Brazdil
Hey Sudeep, > > diff --git a/Documentation/admin-guide/kernel-parameters.txt > > b/Documentation/admin-guide/kernel-parameters.txt > > index 526d65d8573a..06c89975c29c 100644 > > --- a/Documentation/admin-guide/kernel-parameters.txt > > +++ b/Documentation/admin-guide/kernel-parameters.txt > > @@

Re: [PATCH v3 06/23] kvm: arm64: Add kvm-arm.protected early kernel parameter

2020-12-01 Thread David Brazdil
> > > be just me, but if you agree please update so that it doesn't give remote > > > idea that it is not valid on VHE enabled hardware. > > > > > > I was trying to run this on the hardware and was trying to understand the > > > details on how to do that. > > > > I see what you're saying, but !CO