On Thu, 24 Oct 2024 12:32:25 +0100,
Mostafa Saleh <smostafa@xxxxxxxxxx> wrote:
>
> Hi Marc,
>
> On Thu, Oct 24, 2024 at 10:39:45AM +0100, Marc Zyngier wrote:
> > Hi Mostafa,
> >
> > On Wed, 23 Oct 2024 18:12:43 +0100,
> > Mostafa Saleh <smostafa@xxxxxxxxxx> wrote:
> > >
> > > Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
> > > VHE support") modified the behaviour of "kvm-arm.mode=protected" without
> > > the updating the kernel parameters doc.
> > >
> > > Update it to match the current implementation.
> > >
> > > Cc: Will Deacon <will@xxxxxxxxxx>
> > > Cc: Marc Zyngier <maz@xxxxxxxxxx>
> > >
> > > Signed-off-by: Mostafa Saleh <smostafa@xxxxxxxxxx>
> > > ---
> > > Documentation/admin-guide/kernel-parameters.txt | 6 +++++-
> > > 1 file changed, 5 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > > index bb48ae24ae69..59a0dd7e2de6 100644
> > > --- a/Documentation/admin-guide/kernel-parameters.txt
> > > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > > @@ -2723,8 +2723,12 @@
> > > nvhe: Standard nVHE-based mode, without support for
> > > protected guests.
> > >
> > > - protected: nVHE-based mode with support for guests whose
> > > + protected: hVHE-based mode with support for guests whose
> > > state is kept private from the host.
> > > + In case hVHE is not supported in hardware, it will
> >
> > nit: it is VHE that is supported or not, hVHE is only a SW concept.
> >
> > > + boot with protected nVHE.
> > > + nVHE protected mode can still be forced on VHE systems
> > > + using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
> >
> > This opens another question: none of the arm_sw.*, nor any of the
> > id_aa64* parameters are described (basically, anything that's in
> > arch/arm64/kernel/pi/id_override.c). What should we do about these?
>
> Yes, I mainly added this, to make it easier if someone wants to boot to
> protected nVHE so they don't have to go through the code, but I can
> remove it if it's confusing.
No, I think it is good to capture that sort of information somewhere,
specially given that it is non-trivial to convince the kernel to do
what you want.
But maybe at some point we should document the rest of the options, as
they keep growing, and people are starting to rely on them for one
thing or the other. Not now though.
>
> >
> >
> >
> > >
> > > nested: VHE-based mode with support for nested
> > > virtualization. Requires at least ARMv8.3
> >
> > Huh, another nit to fix. We only support nested with ARMv8.4 (with
> > FEAT_NV2), as the ARMv8.3 version (the original FEAT_NV) is too ugly
> > for words.
> >
> > Mind addressing this?
>
> Sure, I will update it in v2.
Thank you!
M.
--
Without deviation from the norm, progress is not possible.
