Hi folks, These patches implement support for userspace to request a "Protected VM" using KVM on arm64 when configured in Protected Mode (see the existing kvm-arm.mode=protected command-line option). The final patch documents the new ABI and its behaviour, so I won't reproduce that here. Please go and have a look there instead! Note that this series _doesn't_ implement the actual isolation of guest memory; it's more about setting the groundwork for subsequent patches and getting feedback on the user-facing side of things. The final patch is marked RFC accordingly. Cheers, Will Cc: Marc Zyngier <maz@xxxxxxxxxx> Cc: James Morse <james.morse@xxxxxxx> Cc: Alexandru Elisei <alexandru.elisei@xxxxxxx> Cc: Suzuki K Poulose <suzuki.poulose@xxxxxxx> Cc: Mark Rutland <mark.rutland@xxxxxxx> Cc: Christoffer Dall <christoffer.dall@xxxxxxx> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx> Cc: Fuad Tabba <tabba@xxxxxxxxxx> Cc: Quentin Perret <qperret@xxxxxxxxxx> Cc: Sean Christopherson <seanjc@xxxxxxxxxx> Cc: David Brazdil <dbrazdil@xxxxxxxxxx> Cc: kvm@xxxxxxxxxxxxxxx Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx --->8 Will Deacon (4): KVM: arm64: Ignore 'kvm-arm.mode=protected' when using VHE KVM: arm64: Extend comment in has_vhe() KVM: arm64: Parse reserved-memory node for pkvm guest firmware region KVM: arm64: Introduce KVM_CAP_ARM_PROTECTED_VM .../admin-guide/kernel-parameters.txt | 1 - Documentation/virt/kvm/api.rst | 69 ++++++++ arch/arm64/include/asm/kvm_host.h | 10 ++ arch/arm64/include/asm/virt.h | 3 + arch/arm64/include/uapi/asm/kvm.h | 9 + arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kvm/Makefile | 2 +- arch/arm64/kvm/arm.c | 24 +-- arch/arm64/kvm/mmu.c | 3 + arch/arm64/kvm/pkvm.c | 156 ++++++++++++++++++ include/uapi/linux/kvm.h | 1 + 11 files changed, 267 insertions(+), 21 deletions(-) create mode 100644 arch/arm64/kvm/pkvm.c -- 2.32.0.rc0.204.g9fa02ecfa5-goog
