Currently this way for testing only. When the option restricted_mem is set, the guest will use the new restricted memory extensions. This is done this way for now to enable testing and debugging. In the future, pKVM will require that all its guest use restricted memory, so instead of a flag, the intention is for the final version of this patch series to rely on KVM_CAP_PRIVATE_MEM and fail if that capability isn't supported.
Signed-off-by: Fuad Tabba <tabba@xxxxxxxxxx>
---
 arm/kvm.c | 5 +++++
 builtin-run.c | 2 ++
 include/kvm/kvm-config.h | 1 +
 3 files changed, 8 insertions(+)
diff --git a/arm/kvm.c b/arm/kvm.c
index 8772a55..094fbe4 100644
--- a/arm/kvm.c
+++ b/arm/kvm.c
@@ -74,6 +74,11 @@ void kvm__arch_set_cmdline(char *cmdline, bool video)
 void kvm__arch_init(struct kvm *kvm)
 {
+ if (kvm->cfg.restricted_mem &&
+ !kvm__supports_extension(kvm, KVM_CAP_PRIVATE_MEM)) {
+ die("Guest restricted memory capability not supported.");
+ }
+
 /* Create the virtual GIC. */
 if (gic__create(kvm, kvm->cfg.arch.irqchip))
 die("Failed to create virtual GIC");
diff --git a/builtin-run.c b/builtin-run.c
index bb7e6e8..4642bc4 100644
--- a/builtin-run.c
+++ b/builtin-run.c
@@ -202,6 +202,8 @@ static int mem_parser(const struct option *opt, const char *arg, int unset)
 "Hugetlbfs path"), \
 OPT_BOOLEAN('\0', "virtio-legacy", &(cfg)->virtio_legacy, \
 "Use legacy virtio transport"), \
+ OPT_BOOLEAN('\0', "restricted_mem", &(cfg)->restricted_mem, \
+ "Use restricted memory for guests"), \
 \
 OPT_GROUP("Kernel options:"), \
 OPT_STRING('k', "kernel", &(cfg)->kernel_filename, "kernel", \
diff --git a/include/kvm/kvm-config.h b/include/kvm/kvm-config.h
index 368e6c7..ea5f3ea 100644
--- a/include/kvm/kvm-config.h
+++ b/include/kvm/kvm-config.h
@@ -65,6 +65,7 @@ struct kvm_config {
 bool ioport_debug;
 bool mmio_debug;
 bool virtio_legacy;
+ bool restricted_mem;
 };
 #endif
--
2.39.0.rc0.267.gcb52ba06e7-goog
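Review bot: In arm/kvm.c the capability check sits only in the arm `kvm__arch_init()`, while `--restricted_mem` is registered in the generic option table in builtin-run.c, so on any other architecture the flag would, as far as this patch shows, be accepted and silently ignored. For an isolation feature that is a fail-open: the operator believes guest memory is restricted when nothing enforced it. Consider moving the `kvm__supports_extension(kvm, KVM_CAP_PRIVATE_MEM)` test into common init code, or registering the option only on arm builds. A comment such as `/* Testing only: pKVM will later require KVM_CAP_PRIVATE_MEM unconditionally. */` above the check would record the intent stated in the commit message. The body of kvm__arch_init() continues outside the hunk.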
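Review bot: In builtin-run.c the new long option is spelled `restricted_mem` with an underscore, while the neighbouring option in the same table is `virtio-legacy`; `OPT_BOOLEAN('\0', "restricted-mem", &(cfg)->restricted_mem, \` would match the existing convention. The help string could also tell the user that startup fails when the host lacks the capability, e.g. `"Use restricted memory for guests (requires KVM_CAP_PRIVATE_MEM)"`. The option-table macro this hunk edits starts and ends outside the hunk.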