On Thu, Oct 24, 2024 at 05:43:49PM +0100, Marc Zyngier wrote:
> Hi Mostafa,
>
> On Thu, 24 Oct 2024 17:06:14 +0100,
> Mostafa Saleh <smostafa@xxxxxxxxxx> wrote:
> >
> > Commit 5053c3f0519c ("KVM: arm64: Use hVHE in pKVM by default on CPUs with
> > VHE support") modified the behaviour of "kvm-arm.mode=protected" without
> > the updating the kernel parameters doc.
> >
> > Update it to match the current implementation.
> >
> > Also, update required architecture version for nested virtualization as
> > suggested by Marc.
> >
> > Cc: Will Deacon <will@xxxxxxxxxx>
> > Cc: Marc Zyngier <maz@xxxxxxxxxx>
> >
> > Signed-off-by: Mostafa Saleh <smostafa@xxxxxxxxxx>
> >
> > ---
> > v2: Update nested value also
>
> Thanks for that. However...
>
> > ---
> > Documentation/admin-guide/kernel-parameters.txt | 10 +++++++---
> > 1 file changed, 7 insertions(+), 3 deletions(-)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 1518343bbe22..d5b771e5cb5b 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -2740,12 +2740,16 @@
> > nvhe: Standard nVHE-based mode, without support for
> > protected guests.
> >
> > - protected: nVHE-based mode with support for guests whose
> > + protected: hVHE-based mode with support for guests whose
> > state is kept private from the host.
> > + In case hVHE is not supported in hardware, it will
> > + boot with protected nVHE.
> > + nVHE protected mode can still be forced on VHE systems
> > + using "kvm_arm.mode=protected arm64_sw.hvhe=0 id_aa64mmfr1.vh=0"
>
>
> I probably didn't explain myself very well. I would like to avoid
> mentioning hVHE at all, because this is pretty confusing (and really
> an implementation detail). Instead, we can talk about VHE/nVHE, which
> are real architectural features.
Agh, my bad, it makes more sense to talk in terms or architecture.
>
> Also, I just realised that we can use your command-line magic for
> downgrading from VHE to nVHE in all cases, so I'd be suggesting
> something like this:
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 1518343bbe223..2bb19f1331fed 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -2740,8 +2740,9 @@
> nvhe: Standard nVHE-based mode, without support for
> protected guests.
>
> - protected: nVHE-based mode with support for guests whose
> - state is kept private from the host.
> + protected: Mode with support for guests whose state is
> + kept private from the host, using VHE or
> + nVHE depending on HW support.
>
> nested: VHE-based mode with support for nested
> virtualization. Requires at least ARMv8.3
> @@ -2749,8 +2750,11 @@
>
> Defaults to VHE/nVHE based on hardware support. Setting
> mode to "protected" will disable kexec and hibernation
> - for the host. "nested" is experimental and should be
> - used with extreme caution.
> + for the host. To force nVHE on VHE hardware, add
> + "arm64_sw.hvhe=0 id_aa64mmfr1.vh=0" to the
> + command-line.
> + "nested" is experimental and should be used with
> + extreme caution.
>
> kvm-arm.vgic_v3_group0_trap=
> [KVM,ARM,EARLY] Trap guest accesses to GICv3 group-0
>
>
> >
> > nested: VHE-based mode with support for nested
> > - virtualization. Requires at least ARMv8.3
> > - hardware.
> > + virtualization. Requires at least ARMv8.4
> > + hardware (with FEAT_NV2).
>
> That part looks good!
>
> Thanks,
>
> M.
>
> --
> Without deviation from the norm, progress is not possible.
Thanks,
Mostafa
